Log4j is used in many forms of enterprise and open-source software, including cloud platforms, web applications and email services, meaning that there’s a wide range of software that could be at risk from attempts to exploit the vulnerability.
A member of Alibaba’s cloud security team discovered a dangerous vulnerability known as Log4Shell, which has affected the likes of iCloud, Steam and Minecraft, and poses a real threat to businesses more generally.
The vulnerability can be exploited with a single line of code and allows attackers to execute remote commands on a victim’s system. Attackers can use it to take control of any Java-based web server and carry out remote code execution (RCE) attacks.
This should be the first priority for all organisations using software that is known to include Log4j.
To support the first priority action above, you should also now determine whether Log4j is installed elsewhere. Java applications can include all of their dependent libraries within their own installation.
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.