Log4j, the open-source Java tool, is now at the centre of one of the biggest security vulnerabilities of recent times. In this blog post, we attempt to understand the vulnerability in this popular logging library and how it affects the digital world.
What is Log4j?
Log4j is a Java library for logging error messages in applications. This logging utility is used in hundreds of millions (if not billions) of devices worldwide.
During the Thanksgiving holiday weekend, an Alibaba Cloud Security Team member discovered a flaw in Log4j and alerted the Apache Software Foundation. The flaw allows a hacker to access a device remotely, gaining entry into IT systems without authentication and uncontrolled access to devices worldwide.
Picture this: a hacker can feed the Log4j library a line of code that tells a server to pick up data from another server owned by the hacker. This data could be anything, from a script that gathers data on the devices connected to the server (like browser fingerprinting, but worse) to code that takes control of the server in question.
Who gets affected by this?
Log4j is widely used across consumer and enterprise systems, including iCloud, Salesforce, Tableau, Okta, IBM, Microsoft, Red Hat and Siemens, to name a few.
The list of victims includes Twitter, Amazon, Microsoft, Apple, IBM, Oracle, Cisco, Google, and one of the world's most popular video games, Minecraft.
What can companies do to protect themselves?
Patches and technical support have been released widely. When it comes to vendor software, it’s best to follow the individual providers’ guidance on how to deploy any updates and ensure your operations are secure.
The Cybersecurity and Infrastructure Security Agency (CISA) recommends that companies examine their internet-facing programs that employ Log4j, respond to alerts connected to these devices, and install a web application firewall (WAF) with rules that automatically update.
If your organisation is dependent on crucial software, you should have an open and honest conversation with the vendor about steps they’re taking to protect your business.
What is Xref doing to protect its customers?
While it’s hard to say how long it would take to fix this vulnerability across systems worldwide, at Xref, we follow a security-first approach for all our clients. We’ve thoroughly scanned Xref and Rapid ID where this vulnerability could be a threat. All our OpenSearch clusters using AWS, Elasticsearch cloud (and its beats), and others have been upgraded and patched.
Security is a top priority and we are driven to ensure the highest standards when it comes to security and privacy. We continue to work hard to ensure the safety of our systems and the trust of our customers. If you have any questions, reach out to our customer support at firstname.lastname@example.org.