A vulnerability was found in Log4j, an open-source logging library commonly used by applications and services across the internet. If left unfixed / un patched or ignored, the attack can break into systems, steal passwords and logins, extract data, and infect networks. This can also be hard to detect.
Log4j is used worldwide across software applications and online services, and is very easy to exploit. It is used heavily in most Apache / Java software and is used in a lot of modern-day software and cloud providers.
Any type of software that logs events such as a network monitor, a CRM platform or even developers that use software to capture a log of an event for troubleshooting have most likely used Log4j in some form.
As Log4j is part of the devices and services you use online. We advise the best thing to protect yourself is to periodically check for updates and install across all software and devices and continue to keep them up to date.
Organisations that self-host services or have an on-premise IT infrastructure are advised to carry out a risk check and look to migrate or update any software and devices if needed.
At IT-Logik, we have already carried out an audit across all our systems and patched them accordingly, and currently none of systems, devices or hosted services we offer are affected by this. We have also taken extra steps to contact software vendors and update and patch our systems to avoid any risk.
We also ask you check your software vendors or any in house code to see if you are at risk and look to update any fixes that may have been released. This includes any servers you are hosting with IT-Logik, for example VPS, where you do not get direct support from our service desk team.
If you would like more information or would like us to look at doing a risk audit for your systems please contact the IT-Logik Support Team.