Critical Log4j Vulnerability Update

Critical Log4j Vulnerability Update

The critical vulnerability identified as CVE-2021-44228, affects the Java logging package Log4j. Apache’s Log4j is used across the Internet as a tool for logging changes in applications and software. The vulnerability is simple to exploit allowing an attacker to establish a foothold and steal data or run malicious software. The universe of cyber adversaries including infamous nation-state sponsored hacking groups Hafnium and Charming Kitten are actively working to target this vulnerability to exfiltrate data and drop malicious payloads.

Tego advises that any organization using the Log4j upgrade to log4j-2.16.0 immediately.  Importantly, the log4j package may be bundled with an organization’s software. Those organizations and may have to wait for their software vendors to push security updates out for their affected products. In that case, Tego recommends affected customers contact their software vendors immediately to gain visibility into the timing of said updates and establish actions to mitigate the risk of exploitation.

Tego is assisting customers in identifying the vulnerability in the customer environments, providing guidance for patching and identifying risk mitigation actions. Please contact your Tego account manager today to discuss the steps your organization should follow to reduce the risk posed by the virulent Log4j vulnerability.

About the author
Jennifer Vosburgh is a seasoned Marketing and Communications professional. With over 15 years of experience, she has a strong background in Marketing, Communications, and Event Management. As Vice President of Tego Data Systems in Raleigh, NC, Jennifer is responsible for delivering full-scale Marketing Campaigns across all platforms including website, email, social media, events, and more.

By using this website you agree to our updated Conditions of Use and consent to the collection and use of your personal information as described in our updated Privacy Notice, which includes the categories of data we collect and information about your preferences and rights.