We at InfraNet take security very seriously. You may have been recently made aware of a new vulnerability in the media by the name of Log4j. While this is not a new vulnerability, the ubiquity of its impact is something that the technology field is just now becoming aware of as a critical risk.
To briefly explain:
The Apache Log4j Library is used by developers worldwide as a resource when creating software. It provides essential functions such as logging information and sorting a device’s tasks. It was found that if this log was exposed to a specific sequence of characters by a malicious actor, then any code could be forced to run on the affected device. Referred to as a Remote Code Execution (RCE) attack.
The result is – if this exploit is not mitigated, many devices are open to being attacked and otherwise accessed by people with malicious intent (Bad Actors). Additionally, since this code can be found on devices from many different vendors, ranging from Apple to Xerox, there is a lot of work to fix this security flaw!
With that being said, the good news is that this issue is easy to fix! Many vendors have already released updates for vulnerable devices. In addition, we at InfraNet are utilizing tools to identify and mitigate all managed devices, ranging from computers, servers, phones, firewalls, and any other devices that we oversee for you.
What you can do to help is to keep the devices that we do not manage, up to date, such as your personal cell phones, home equipment, and Internet of Things (IoT). Both Apple and Android have issued updates in the last 48 hours, and the sooner you can get all your devices updated, the safer everyone will be.
For more information related to this vulnerability, I strongly recommend NIST’s National Vulnerability Database (NVD) as they are recognized internationally as the foremost authority on matters such as these. https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Please take the time to update all your equipment and reboot.
Based on the new realm of security exploits, it is helpful to create an inventory of all technology, how to access, and how to update it.