December 17, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive in response to a known zero-day vulnerability in Log4j. Apache Log4j is a logging framework, embedded in applications, that allows developers to log various types of user activity. It is written in the Java programming language and is used in many different types of enterprise systems and web applications.
If a server uses a vulnerable version of Log4j, the recently discovered flaw allows a threat actor to cause that server to request a malicious payload from an attacker-controlled server. Threat actors have already begun scanning for this vulnerability to identify unpatched servers prone to compromise.
To mitigate the vulnerability, Apache recommends patching immediately.
Please share the announcement with your IT team or managed service provider to determine if steps need to be taken to secure your environment.
If you need assistance in determining whether any further action might be needed, we have trusted partners who can assist in evaluating.
If there is concern that an indicator of compromise is apparent, please contact our team to report a claim and initiate the incident response process by clicking here.
Have additional questions?
Find me on LinkedIn, here.
Connect with the Risk Strategies Cyber Risk team at cyber@risk-strategies.com.
Email me directly at rrosenzweig@risk-strategies.com.
The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.