Log4j Zero-day Vulnerability News

GBS monitors Log4J vulnerability

Share This Post

GBS is proactively monitoring the situation. We are working with our partners and clients to limit the exposure brought about by this vulnerability.

The Java software library “log4j” features a significant technical vulnerability and is
therefore a potential gateway for cyber-attacks. The focus is on applications that can
be accessed from the Internet and that use the log4j library (CVE-2021-44228). This
vulnerability needs to be closed as soon as possible to protect yourself and your
systems from attacks and especially against ransomware.

Actions needed:
• Scan all your IT applications according to the log4j library
• Apply a patch or alternatively a parameter fix
• Details can be found on the following website: United States Cybersecurity & Infrastructure Security

The Log4j vulnerability affects everything from the cloud to developer tools and security devices. Here’s what to look for, according to the latest information. A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10. 

The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework. Since last week’s alert by CERT New Zealand that CVE-2021-44228, a remote code execution flaw in Log4j, was already being exploited in the wild, warnings have been issued by several national cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC). Internet infrastructure provider Cloudflare said Log4j exploits started on December 1.  


Basically any device that’s exposed to the internet is at risk if it’s running Apache Log4J, versions 2.0 to 2.14.1. NCSC notes that Log4j version 2 (Log4j2), the affected version, is included in Apache Struts2, Solr, Druid, Flink, and Swift frameworks.  

Mirai, a botnet that targets all manner of internet-connected (IoT) devices, has adopted an exploit for the flaw. Cisco and VMware have released patches for their affected products respectively.

(Credit ZDNet, Liam Tung)

More To Explore

US Senate Meets with Tech Leaders

In a pivotal meeting held on September 13, 2021, the US Senate convened with an impressive array of top tech leaders. Elon Musk, Mark Zuckerberg,

Do You Want To Boost Your Business?

drop us a line and keep in touch

GBS Blog Footer Image

let's talk!