Center for Cyber Security and other cyber security organizations worldwide warns about a new and serious vulnerability in the "Apache Log4j" framework. Apache Log4j is an open-source Java-based logging tool used in a broad range of products and services.
The security breach can be exploited by to gain access and total control over servers and systems. Millions of users and businesses are at risk of being compromised. The latest numbers show, that close to 40% of corporate networks worldwide, and nearly 58% of Danish corporate networks, have been exposed to attempts through Log4j.
The security breach is relatively simple to exploit, and it is feared that even inexperienced hackers could come into play. Along with the fact that Apache Log4j is widely used and not least in many 3rd party products, including Amazon, Microsoft, Cisco, Google Cloud and IBM., this has the potential to become a scary scenario.
What to do?
The Apache project recommends that you upgrade Log4j to version 2.16.0 or implement the solution as described on the project website: Log4j - Apache Log4j Security Vulnerabilities. Please note, that the previous version 2.15.0 contains vulnerabilities, and therefore it is recommended that you update the version 2.16.0.
You can see the list of affected applications here, that the Dutch Center for Cyber Security has compiled regarding the Apache security hole.The list is constantly updated.
The Danish Center for Cyber Security has also warned about the vulnerability on their website (in Danish only), were you can also find recommendations for measures to reduce the vulnerability.