Cybersecurity Advisory: Log4j Vulnerability

Apache Log4j LogoSMU has been actively reviewing all systems and associated third-party services following the alert issued by the United States Cybersecurity and Infrastructure Agency (CISA), highlighting a vulnerability in Log4j. Log4j is an open source software package created by the Apache Foundation to record activity within an application. Continue reading Cybersecurity Advisory: Log4j Vulnerability

Log4Shell Vulnerability Impacts Systems Across the Internet

Apache Log4j LogoOn December 9, 2021, a vulnerability in the popular Java logging library Log4j—used by developers of web and server applications around the world—was discovered and made public. The zero-day vulnerability allows for code to be run remotely by sending a malicious code string, allowing a hacker to take control. Published the next day in the National Vulnerability Database as CVE-2021-44228, it is already being exploited in the wild across Windows, Linux, macOS and devices. Teams across the internet are working to patch enterprise systems and web apps to protect against these critical zero-day exploits. Even games like Minecraft can be impacted, leading Microsoft to post instructions on how players of the Java version can patch their systems.  Of course, our Security Team is aware of the issue and reviewing SMU systems to determine impact.  Continue reading Log4Shell Vulnerability Impacts Systems Across the Internet