• Skip to main content
  • Skip to footer

Commonwealth Sentinel

Cyber Security for local government, non-profits and small business

MENUMENU
  • Home
  • About Us
    • Sheri Donahue
    • Leo Haggerty
    • Careers
  • Services
    • Vulnerability and Threat Evaluation
    • Transformation Management
    • CISO Management Services
    • Incident Response Management
  • News
  • Blog
  • FAQs
  • Contact Us

commonsent / January 13, 2022

So What is Log4j and Why Should I Care?

Padlock on the mainboard concept show Log4j vulnerability.

I’ve determined the last name of the cyber criminals. It’s Scrooge. Or maybe it’s Grinch.

Either way, obviously cyber criminals hate Christmas. Once again, right before the holidays we were alerted of the latest, and possibly biggest, vulnerability. It’s Log4j.

On November 24, it was discovered that this vulnerability existed but was not disclosed publicly until December 9. Just in time for all the cyber security and IT teams to cancel their holiday parties and scramble to respond to it.

So what exactly is Log4j? It’s a logging tool that is used in a LOT of software. A LOT. Software that is used by everybody. It is software that is used on Windows, Linux, Apple and iOS devices. It is used in corporations, public and private sector, government entities, and individuals. EVERYBODY.

What makes it dangerous? First, the vulnerability would allow a hacker to access a computer system and then do whatever they want…install malware, steal data (including passwords) or just lay in wait for an opportune moment to attack.

Log4j has been updated to remove the vulnerability. However, as with most updates, it is up to the administrator of your network to install these updates. The time between the announcement of the vulnerability and the installation of the update is a race to see if the window can be closed before the cyber criminal climbs in and hides.

So just like with the MicroSoft Exchange hack last year, fixing the problem is only the first step. The next step is to do forensics to determine if the hacker did in fact climb in through the window and is now hiding in a closet waiting to rob you blind…or worse.

Once you run the forensics, you must clean the system and make sure it’s locked down tight. And most importantly, implement a procedure by which updates are regularly made and have a cyber security team install continuous digital monitoring to make sure you stay safe.

Filed Under: Blog

Footer

CONTACT US

COMMONWEALTH SENTINEL

1230 US Highway 127 S
Suite #5
Frankfort KY 40601
(502) 320-9885

EMAIL US

ABOUT US

Cyber security consulting for local governments, non-profit organizations, and small businesses facing the threats of the cyber world.  At Commonwealth Sentinel, we are passionate about helping people be cyber-safe!

FOLLOW US

  • Email
  • Facebook
  • LinkedIn
  • Phone
  • Twitter
  • YouTube

Copyright © 2023 Commonwealth Sentinel

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT