
CTS Update: Log4j Vulnerability


Happy Monday,

We’re here to give you an update on the Log4j exploit that’s been recently discovered and causing a lot of concern.

First, we are fully aware of the wide-ranging consequences of cyber security incidents and take them very seriously. Our team closely monitors breaches and vulnerabilities and takes immediate action to protect our clients. This exploit affects cloud-based services, not your devices, so we do not need to make any changes or updates to them. We are working closely with all of our cloud-based service providers to confirm that any vulnerability (if it exists) is addressed. At this time, we do not have any reason to believe this exploit is a concern for any of the services we provide. Below is a short explanation of the vulnerability:

What is this exploit about?

Many, many servers (including internet servers) use a programming language called Java. Java has been around for a quarter of a century at this point, which, in computer technology time, is a very long time.

One of the oldest Java plugins (called libraries) for logging events on a server is called “Log4J”. Log4J has been around for almost 20 years now, so there are many servers out there that use it.

Something that almost every server must do, over time, is generate logs of text. For example, “At 12:23pm user 67456 submitted a review for product 7635824: This is the best toothbrush I’ve ever purchased!”. Log4J is used to log text like this.

It turns out that some versions of Log4J have a critical vulnerability: if a specially formatted piece of text is saved to a log that is handled by Log4J, an arbitrary command can be executed on that server. So, for example: “At 12:23pm user 67456 submitted a review for product 7635824: {send user 82738’s private account details to badguy267@evil.scammers.com}”.

This example is simplified a lot, but it hopefully communicates the basic nature of the threat.

Unfortunately, as an individual, there’s not a lot that you can do about any of this. First off, it’s difficult to know which of the internet services you use depend on Java. Secondly, it is virtually impossible to know which of those services use Log4J. Thirdly, it is even harder to know which versions of Log4J they are using.

As always, we’ve got your back and are doing everything we can to keep you safe.

– CTS Care Team
