Software Security Hole Puts Businesses at Risk
The federal government has warned that a newly discovered computer software vulnerability poses a major threat to the security of computer networks around the country. Cybercriminals are exploiting holes in open-source software commonly used in computer applications, websites, and cloud services. If preventative measures are not taken, this can allow them to seize control of a business’s computer network.
This is not a threat that businesses should take lightly as it could cripple your organization if your network is affected. If your firm is large enough to have dedicated IT staff, it should be their immediate focus.
The Danger of the Log4j Vulnerability
The vulnerability lies in the Log4j software library, written in the Java programming language and created by the Apache Software Foundation. Many software vendors incorporate the Log4j software library into products such as websites, applications, and cloud services to record network security and performance information.
It is likely that some of the software your business uses is built around Log4j. It runs on everything from cloud services to business enterprise software to internet-connected devices such as security cameras. The federal Department of Homeland Security, the National Security Agency, and other agencies announced on December 10, 2021, that they were “responding to active, widespread exploitation” of the vulnerability. They warned that, if a company’s software has this vulnerability, a criminal could take over the network and cripple the business.
What you should do
Do not take this threat lightly. As stated above, if you have dedicated IT staff, make it their primary focus. Major software developers have reported that their products have the vulnerability. You can find the full list of affected vendors and software here.
Apache has published three software patches to address the problem since it became known. Software developers who use Log4j are likely applying the patches and making updates to their software available to business users. If you receive notification about an updated version of software you are using, it should be installed promptly.
Software developed by these firms has the security hole:
- Hewlett Packard
- Red Hat
Companies that do not have their own IT department should contact computer network consultants as soon as possible to get advice on how to proceed. The Cybersecurity & Infrastructure Security Agency has technical information on this threat on a dedicated website. IT experts should review the site’s content, take appropriate actions as soon as possible, and monitor the site for further updates to the situation.
In the meantime, system administrators should adjust the logging system’s settings so that it does not interpret data as computer code. Running antivirus software, using a virtual private network for remote access to the system, and staying alert for phishing e-mails are also important protections. Sound network data security coupled with safe internet practices can protect your business’s systems and your ability to continue operating.