Subject: Early Edition: What Small Business Needs to Know About the Log4J Worldwide Software Bug

Heart Harmony Communications Logo

Have you heard of the worldwide software vulnerability Log4J?

Early edition due to some serious tech news that you need to be across. A major software vulnerability in over 3 billion systems worldwide.

What Small Business Needs to Know About the Log4J Worldwide Software Bug

Unless you are in the IT industry, the news of a worldwide massive security vulnerability that has just been discovered may have passed you by last weekend.


The problem is that this particular vulnerability has immense potential ramifications and has had IT teams around the globe racing against hackers to try to patch the problem.


What is the problem?

The software that runs our business applications, servers and other apps uses code. In many cases, this code draws on what is known as open-source code that developers have made available for free for other developers to use.


Rather than reinvent the wheel, developers copy and tweak this open-source code into their own programs.


When this code is particularly useful, you may see it appear in millions of pieces of software, hardware and systems.


It works brilliantly until a vulnerability is discovered in that code that hackers can then use to access the software, hardware, and systems.


What is Log4J?

In this situation, the open-source code is catchily titled “log4J”.  


This particular code helps to record what is happening in programs and systems. These logs help keep an eye on if things are running smoothly with a program or what has triggered particular errors in a program or system.


Log4J is one of the most popular pieces of open-source logging code on the market. It is conservatively estimated to be used in 3 billion (yes – billion with a b) systems worldwide.


It is used in many business programs, applications, cloud services, and web servers. It also includes security devices, PCs, Macs, web servers, mobile phones, network devices, cloud hosting providers and tech connected to the Internet of Things such as smart devices. 


What is the vulnerability?

A vulnerability was found in the code on 9 December 2021 that allows malicious actors to take complete control of servers and programs running the code without authentication. This means it bypasses multifactor authentication and other systems designed to stop unauthorised access.


The vulnerability allows malicious actors to install malware or ransomware, access all files on the server or install backdoors to your system for later access.


The vulnerability has been named Log4Shell for ease of reference and classified as a high severity 10/10 vulnerability (CVE-2021-44228). It affects version 2 of Log4j between versions 2.0-beta-9 and 2.14.1. It is patched in 2.15.0. The ASCS has listed the alert status as critical.  

READ THE REST AT THE BLOG
Bowler hat with a lightbulb icon

Business Idea of the Week

Patch. Patch. Patch some more. Delegate someone in your team to ensure all patches are run on every system every day while this gets sorted out.

Need a hand getting online without the overwhelm?

Give us a call or drop us a line. We would love to help!

GET IN TOUCH
Online without the overwhelm

Let's Get Social!

facebook
linkedin
twitter
youtube
Heart Harmony Communications, PO Box 476, 4055, Ferny Hills, Australia

You may unsubscribe or change your contact details at any time.

    This is an online snapshot of a newsletter created by the owner of Heart Harmony Communications (Heart Harmony Communications, PO Box 476, 4055 Ferny Hills, Australia) and sent via GetResponse on 2021-12-14. Report abuse