According to numerous government and media sources, malicious cyber actors are targeting a new “zero day” vulnerability on a massive scale. This vulnerability, referred to as “Log4j” or “Log4Shell,” has resulted in widespread exploitation of a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library.
Read the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA)’s guidance on the Log4j vulnerability here.
In response to this threat, businesses should, at a minimum, take the following steps:
- Immediately identify any systems potentially vulnerable to the Log4J attack
- Identify any software using Log4J version 2.15.0 or earlier and immediately ensure it is not being used in any production systems and patch with updated security corrections
- Identify applications that are vulnerable to this attack and use log detection to determine if you have been subject to the attack
Please feel free to reach out to the authors or a member of Faegre Drinker’s Privacy, Cybersecurity and Data Strategy team with any questions or inquiries.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.
