JumpStart Matrix takes the responsibility of hosting and keeping our clients' sites secure very seriously.
Who is looking after your site’s Security? Do you have a monthly site maintenance plan in place?
A few people have now heard about one or two of the new serious breaches, like ‘Log4j’, as hacking has increased exponentially worldwide in the last 2 years.
What IS Log4j?
Log4j is a widely used open source Apache logging framework that developers use to keep a record of activity within an application. Security responders are now in total ‘scramble mode’ to patch the bug, which can very easily be exploited to take control of vulnerable systems across the world.
This is a full-blown international security meltdown, affecting digital systems across the internet.
Some hackers have already developed tools that automatically attempt to exploit the bug, as well as worms that can spread independently from one vulnerable system to another under the right conditions.
“Log4j is a Java library, and while the programming language is less popular with consumers these days, it’s still in very broad use in enterprise systems and web apps. Researchers told WIRED on Friday that they expect many mainstream services will be affected…”
PCMag explains it this way:
“Log4j is different. It’s not an operating system, or a browser, or even a program.
Rather, it’s what coders call a library, or a package, or a code module. It serves one purpose—keeping a log of what happens on a server.”
“It’s a design failure of catastrophic proportions,” says Free Wortley, CEO of the open source data security platform LunaSec.
Researchers at LunaSec published a warning and initial assessment of the Log4j vulnerability:
“Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We’re calling it “Log4Shell” for short.
Many, many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, as well as apps like Minecraft, have already been found to be vulnerable.
An extensive list of responses from impacted organizations has been compiled here.”
There’s not much that average internet users can do, other than be aware and install updates for various online services that they use whenever they’re available.
Most site owners must hope that their hosting and web developers are experienced and know what to look for, and where, in order to find (and fix) these malicious attacks.
Most of the remedy work to be done will have to be on the ‘Enterprise’ side, as companies and organisations scramble to implement and release fixes.
This current situation highlights the real challenges of managing risks within interdependent enterprise software.
Just as Minecraft did, many organizations will need to develop their own patches.
The United States Cybersecurity and Infrastructure Security Agency issued an alert about the vulnerability, as did Australia’s CERT.
An alert from New Zealand’s government cybersecurity organization noted that the vulnerability is reportedly being actively exploited.
Do you have concerns about your site and security, OR are you not sure WHO is supposed to be looking after this?
Who is updating your site and checking/testing every month? If the answer is “no one” or “not sure” you need to talk with us.
Contact Jumpstart Matrix now or Book a Free call