Log4j Zero-Day Vulnerability: What you need to know now

14th December 2021NewsRob Batters

Are you ready to get in touch?

Request a Call back

Log4J – What you need to know now

Log4j is a Java based logging utility and part of the Apache Logging Services.

The widely reported log4j vulnerability represents a significant threat to any organisation running the affected code.

It is tempting to assume a one size fits all patch can be applied in isolation, but given the many ways in which Apache can be deployed, anyone using an application that uses Apache Logging Services is advised to contact the vendor for further advice since testing may be required to ensure that business functions continue as expected after a patch is applied.

If you are unsure if log4j affects you, our advice is to contact your vendor. If you need help to apply vendor approved patches, Northdoor will be happy to assist.

We are consistently monitoring the situation for any changes. If we have any further updates in regards to this matter, our clients will be notified via email/phone.

We also recommend you monitor this page as we’ll be adding any additional updates here if required.

In the meantime, if you have any queries, please feel free to contact us.

Contact us

Suppliers are in various states of investigation.

IBM

Microsoft

Oracle

ManageEngine

Logic Monitor

Read the IBM blog titled ‘How Log4j Vulnerability could impact you’ on Security Intelligence here.

IBM Security X-Force Webinar – Log4j

Access the replay of the session with IBM X-Fore experts to learn more about the vulnerability and how organisations can reduce the risk of an attack.

Duration: 17 min
Available On Demand

Register Here

IBM Security X-Force is tracking a recent disclosure regarding a vulnerabilityin the Log4j Java library, dubbed Log4Shell or LogJam. Millions of applications use the Java-based Log4j library to log activity, including several prominent web services.

While Apache has issued a patch with an update to the latest version, unpatched versions could be exploited by loading arbitrary Java code on the server. This could enable an attacker to take complete control of the system.

This disclosure is being tracked in this IBM X-Force Exchange Collection and will be updated should additional information become available.

Join this session to hear from Global Lead,  X-Force Threat Intelligence Nick Rossman, X-Force Red Research Lead, Dan Cowley and X-Force Associate Partner, Abby Ross and learn about:

  • The latest information about this flaw from our X-Force team.
  • Learn how to check for vulnerable versions of Apache Log4j in your environment.
  • Understand how to reduce the risk of an attack against your organisation.

Register Here

Cyber-security
Rob Batters All Author's Posts

Our Awards & Accreditations

See all Awards