Saturday, September 24, 2022

Security advisory released about logging utility

The U.S. Cybersecurity & Infrastructure Security Agency recently released a security advisory related to a specific logging utility (Log4j) that is embedded in a variety of software enterprise applications.

Log4j is very broadly used in a variety of consumer and enterprise services, websites and applications – as well as in operational technology products – to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.

An update to address this vulnerability was released earlier this week. However, for the vulnerability to be remediated in products and services that use affected versions of Log4j, the vendors that provide the products and services that incorporate Log4j software must implement this security update. Institutions are encouraged to ask their vendors about the applications they provide as to whether their applications are impacted, and, if so, have updates have been applied.

Visit Apache Log4j Vulnerability Guidance | CISA to read more about the LOG4 vulnerability from the US Cybersecurity & Infrastructure Security Agency.

BankOnIT limits the use of outside vendors in serving their clients and does not utilize Log4j in its applications. This decision is part of a layered security approach to protect against existing and evolving threats. If you would like to learn more about BankOnIT’s response to this and other cybersecurity issues, visit www.bankonitusa.com or contact them directly at 405-653-1920.