It’s a new year, filled with opportunity and optimism and just being a better person. Except for hackers. They continue to wreak havoc throughout our connected world, and their new target is the logging library Log4j. Log4j is an open-source, Java-based logging library managed by the Apache Software Foundation, which means that thousands of applications, libraries, and frameworks worldwide could be affected.
Web security company Cloudflare reports that its researchers are seeing about 1,000 attempts PER SECOND to exploit this flaw, a hole in the software design that allows attackers to take control of servers and install malware, steal confidential information, mine digital currency, or initiate a denial of service. If you are connected to the internet, you are a target.
Apache has developed a solution (described here in detail: https://blogs.apache.org/foundation/entry/apache-log4j-cves), but the gist is that you should update any software you are using immediately. So today, when your computer asks “An upgrade is available. Install now?” click YES. The five minutes it takes to apply a patch could save you money, time, and a lot of headaches.