By now, you have probably heard about the recent Log4j vulnerability.
First, what is Log4j? Log4j is a framework software developers use to record user activity and the behavior of applications for subsequent review. Distributed free by the nonprofit Apache Software Foundation, Log4j has been downloaded millions of times and is among the most widely used tools to collect information across corporate computer networks, websites and applications.
Who/What is Affected by Log4j?
Due to the ubiquity of Log4j, most of the biggest platforms on the internet are caught up in the debacle. According to various reports, the list of affected components and apps includes big names like Apple, Twitter, Amazon, LinkedIn, Cloudflare, and more.
How Can the Bad Guys Take Advantage of Log4j?
The Log4j vulnerability allows attackers to execute code remotely on a target computer, meaning that they can steal data, install malware or take control. Some cybercriminals have installed software that uses a hacked system to mine cryptocurrency, while others have developed malware that allows attackers to hijack computers for large-scale assaults on internet infrastructure. (Source: Wall Street Journal)
What Should You Do?
The BMT team is working closely with our vendors and taking the necessary steps to ensure the safety and continued operation of our services and clients. If you are not a BMT Managed Services client, we encourage you to be diligent about installing updates whenever your devices and applications prompt you for them.