A serious weakness has been discovered in a software component widely used by businesses and organisations.
Attackers could use this vulnerability to gain access to a business’s computer systems.
It is very important that businesses update their software as soon as possible, as attackers are already exploiting the vulnerability.
On Friday 10 December, a vulnerability in the Log4j Java library was brought to public attention. The vulnerability allows a user to take control of a server by simply inputting a piece of code into a business’s logging system, for example through an online form.
It is a serious issue that could result in ransomware attacks or data breaches.
“Anyone using the Log4j library needs to update the software, in order to fix the vulnerability,” said CERT NZ Incident Response manager Nadia Yousef.
“We recommend that businesses who are unsure which software they are running should immediately contact their IT provider and ask if they are at risk.
“We have an alert on our website that explains how to mitigate this issue and minimise the potential harm.”
CERT NZ recommends businesses contact their software vendor and send them the IT specialist advisory found here: https://www.cert.govt.nz/it-specialists/advisories/log4j-rce-0-day-actively-exploited/