Log4j is a java-based software library developed by Apache. It is widely used in many devices world-wide. This includes cellphones, tablets, laptops, PC, MAC's and so much more. Most operating systems and most browsers are using this piece of software. Many consumer and enterprise services, websites, and applications as well as in operational technology products utilize Log4j. Its main purpose is to log security and performance information of systems. As a user you will never see this software library, as it is deeply hidden in any system.
In simple terms, this library can be found everywhere.
In essence hackers can exploit log4j to gain entry to systems. Once they have access, there are very few limits to what hackers can do. It includes placing viruses, hijacking computers and servers, complete networks, placing ransom ware and much more.
Jen Easterly, head of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), called it "one of the most serious flaws" seen in her career.
The US government has issued a warning to impacted companies to be on high alert over the holidays for ransomware and cyberattacks.
The bad news is that there is no remedy available to fix this immediately. While Apache has released multiple patches so IT companies can update their servers, this issue will haunt the industry for years.
WEEcommunicate.com has installed patches on all of its servers immediately. We also have upgraded operating systems earlier than planned to be proactive. We are monitoring the situation.
As published by CISA:
As a consumer or regular user of technical devices, we recommend to follow these steps on a regular basis:
We will keep you updated of any news.