Last Friday, the cybersecurity community issued an alert for the Log4j vulnerability. This is a crucial vulnerability for which you should be reviewing your own risk assessment as well as that of the online vendors that you use.
The Wall Street Journal reported this earlier in the week:
Good Morning, CIOs. Big tech firms are scrambling to patch a flaw in a widely used piece of internet software. The bug, found in server software called Log4j, is easy to exploit and hard to block, experts tell The Wall Street Journal's Robert McMillan, and could be used by hackers to break into corporate networks.
Why it's dangerous. The flaw, reported late last month to the all-volunteer Log4j development team, gives hackers a way of turning the log files that keep track of what users do on computer servers into malicious instructions that force the machine to download unauthorized software, giving them a beachhead on a victim's network.
Heartbleed 2? Log4j is distributed free and its users are myriad, including Microsoft Corp., Apple Inc., International Business Machines Corp.'s Red Hat, Oracle Corp. and VMware Inc. It isn't the first time the open-source software has sparked security worries, the WSJ reports. In 2014, internet users world-wide were urged to reset their passwords after another issue, known as Heartbleed, was discovered in OpenSSL, an obscure yet similarly ubiquitous piece of internet software.
Earlier this week, Daisy Steele (Catlin Gabel) shared a spreadsheet that Buck Crockett (Almaden Country Day School) has made into a public Google Sheet which multiple people have been updating throughout the week with the various different vendor responses. You can access this here:
#ITSystemsandSupport #CybersafetyandDataSecurity
------------------------------
Vinnie Vrotny
Director of Technology
The Kinkaid School
vinnie.vrotny@kinkaid.org
------------------------------