Log4j vulnerability common to many software applications

About the code, corporate and personal response

Cybersecurity experts have raised awareness of a newly discovered computer bug in hugely popular code called log4j. The free code, used in myriad software applications to record or track past activities, may be exploited to log and execute malicious code, report Tatum Hunter and Gerrit De Vynck for The Washington Post.

Software bugs are common, but log4j is so widespread in Java programming that it is like a mass-manufactured door lock installed in millions of doors, let alone homes.

Not everything with log4j code will be hacked, but doing so has become significantly easier -- cutting past all the typical defenses that block attacks.

Public and private sector programmers and information security experts, including KISTERS AG, have been working day and night to fix software for which they are responsible.

To exploit this particular vulnerability, bad actors must deliver malicious code to a service running log4j. Phishing emails, public chat box messages in Minecraft, and Twitter display names have been identified as vectors -- or modern-day Trojan horses.

If you get a (suspicious) email saying your account has been compromised or your package failed to deliver, don't click or open any links or attachments. Make sure you actually have an account with that company or you are expecting mail or cargo from that carrier. Then find a real customer service phone number or email, and proactively reach out.

Software developers will be contacting users to ensure their apps are updated with patches to fix log4j issues. This collaboration will be important.
