Consult PR


What You Need To Know About The Log4J Hack

Staff, December 2021

Apache Log4j is a Java-based logging utility originally written by Ceki Gülcü. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks. If you’ve never heard of it, check out this article for a simpler breakdown of what it is and what it does.

On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache Log4j 2 was identified as being exploited in the wild. The vulnerability first became publicly known when a security researcher shared a proof-of-concept exploit of the then-unknown bug on Twitter Thursday morning. Since then, the bug has been assigned a CVE (Common Vulnerabilities and Exposures) identifier and has already been used in attacks, according to reports from New Zealand's Computer Emergency Response Team (CERT), Cloudflare and others.

Microsoft Corp and Cisco Inc have published advisories about the flaw, and software developers released a fix late last week. But a solution depends on thousands of companies putting the fix in place before it is exploited.

“This is probably the worst security vulnerability in at least the last 10 years — maybe longer,” said Charles Carmakal, the chief technology officer for cybersecurity firm Mandiant Inc. He said Mandiant received requests from several major companies in the last few days for help.

So what does this all mean? Many programmers have used Log4j in the past few years, for both server and client applications. This vulnerability therefore poses a threat to us all, from large companies like Amazon to smaller companies like us, Consult PR. As it currently stands, we have not had any clients affected by this vulnerability. The cPanel Solr plugin is the only software provided and supported by cPanel that contains Log4j. Both our live and dev servers have this plugin installed, but the yum update cpanel-dovecot-solr command has been run on all our servers to update the plugin and patch this vulnerability.

We wouldn’t usually present you with this level of technical jargon, but our company is open and honest and we want you to know what’s happening and that we are on it. Unfortunately, this vulnerability is one that will require the combined efforts of large-scale developers, like those at Amazon and Microsoft, and small-scale developers. Rest assured that we are staying up to date with the developments and are doing everything within our reach to ensure your sites, applications and software are safe. Please reach out to us if you have any further questions. We are here for you.
