Last Friday, the cybersecurity community issued an alert for the Log4j vulnerability. This is a crucial vulnerability that you should be reviewing your own risk assessment as well as the online vendors that you use.
The Wall Street Journal reported this earlier in the week:
Good Morning, CIOs. Big tech firms are scrambling to patch a flaw in a widely used piece of internet software. The bug, found in server software called Log4j, is easy to exploit and hard to block, experts tell The Wall Street Journal's Robert McMillan, and could be used by hackers to break into corporate networks.
Why it's dangerous. The flaw, reported late last month to the all-volunteer Log4j development team, gives hackers a way of turning the log files that keep track of what users do on computer servers into malicious instructions that force the machine to download unauthorized software, giving them a beachhead on a victim's network.
Heartbleed 2? Log4j is distributed free and its users are myriad, including Microsoft Corp., Apple Inc., International Business Machines Corp.'s Red Hat, Oracle Corp. and VMware Inc. It isn't the first time the open-source software has sparked security worries, the WSJ reports. In 2014, internet users world-wide were urged to reset their passwords after another issue-known as Heartbleed-was discovered in OpenSSL, an obscure yet similarly ubiquitous piece of internet software.
Chief Information Officer
Trinity Preparatory School 5700 Trinity Prep Lane | Winter Park, FL 32792
321-282-2507 | trinityprep.org
Facebook | Twitter | Instagram| LinkedIn
Book a Meeting with Me
4 Weems Lane #257 Winchester VA 22601
© Copyright 2020
Powered by Higher Logic
Theme by eConverse Media