WorkSmart is aware of the critical vulnerability in Apache Log4j that can be used to launch cyber attacks. We continue to work with our vendors to identify any potential vulnerabilities and ensure our tools are secure.
Here are details on the Log4j vulnerability, including who it impacts and what steps you can take to reduce the risk to your organization and your customers.
What is the vulnerability?
Last week, a software flaw in Apache’s Log4i program, a library used to log functionality in Java-based software.
Widely used by many third-party applications, Log4J gives software developers a way to record activity that can later be used to help with things like troubleshooting.
By exploiting this vulnerability, attackers can remotely gain control over computers running any affected version of Log4J (versions 2.0-beta9 to 2.14.1). Once they have access to the computer, they can potentially gain access to other parts of the organization’s network.
Who is impacted?
This threat affects any Java application using Log4j. This logging tool is the most common for Java applications, and Java is used extensively in developing software. Unfortunately, this may impact many services and products, including major vendors.
What can you do now?
- Keeping all devices and software up to date is a key defense in protecting against known threats. With this threat, you should make sure Java is up to date.
- Check to see if your organization uses any affected software.
- Even though Apache released a fix for the vulnerability (log4j-2.15.0.rc2), you may need to wait until the vendor releases a security patch.
- Many software vendors have issued advisories with their plan for mitigating any potential risk. All organizations should be communicating with their software vendors and continue to monitor any potential risks and if/when any actions are taken to mitigate them.
NOTE: CISA is managing a community-sourced list of affected software here: https://github.com/cisagov/log4j-affected-db.
For WorkSmart Clients:
Sophos has confirmed our managed firewall and anti-virus solutions have been actively updated to look for intrusion detections and to block malicious behavior associated with this attack.