Serious vulnerability in Apache Log4j


What is Log4j?

If you’ve been following the news, security communities, or other tech websites at all lately, you have probably been overwhelmed by reports from the National Cyber Security Center (NCSC) about the new “Log4J security bug”. A serious vulnerability has been found in “Apache Log4J”, a piece of software that is used worldwide for logging in Java applications. This mainly concerns web applications and internet and intranet portals.

How serious is this problem?

To get straight to the point, this problem is: SERIOUS.

This bug/vulnerability allows hackers to remotely take over and abuse the rights of websites and web servers, resulting in major damage.

The NCSC is even talking about a bug that has the potential to become one of the biggest security problems in recent years.

The Log4J / Log4shell security issue explained

The new vulnerability is in Apache Log4j. This is software that is used by almost all companies for keeping digital logs. In Java applications, the software records, for example, when and under which user names people log in to a website.

Apache, the maker of the logging software, has now released an update that should close the leak. The NCSC recommends installing this update as soon as possible to prevent misuse. The extent of the damage caused by the Log4j vulnerability is currently unknown.

Thanks to our advanced security protocol, Get Interactive’s servers are not affected. We have taken further measures to protect our customers even better. Since the announcement of the bug, cyber criminals have been searching for targets both en masse and in a targeted manner.

How can a hacker use this bug?

With this bug, malicious parties have a worryingly simple method of executing code in a variety of Java applications. In this way, hackers can remotely take over and abuse the rights of websites and web servers.

Where is this bug? Any environment where you log in via a web browser (for example: Google Chrome, Firefox, Safari or Microsoft Edge) and where you store company or customer data can potentially contain the vulnerability.

What has Get Interactive done to protect against the Log4j vulnerability?

Our developers and security specialists took immediate action and worked hard this weekend to protect our customers. We have checked all servers for new security risks and for the possible presence of the Log4j vulnerability.

In every case, the vulnerability turned out not to be present, so running the security patch to remedy it was ultimately not necessary.

What's next?

Apache Log4j is very widely used, at large and small organisations at home and abroad. The way in which this vulnerability can be exploited is now publicly known. Given the amount of attention this bug is receiving, we expect that there will be hackers who will come up with other ways to (further) abuse it.

For that reason, we will closely monitor the developments surrounding this bug in the coming period. Our team of developers and security specialists also ensures that new updates and security measures are implemented.

Do you want to know more about this bug or how we keep your website safe? Leave a message via the button below. Our security specialists are happy to help you!