The Video

 

In Simple Terms...

Log4j is an open source logging framework from the Apache Foundation. Its primary purpose is to facilitate application logging for web applications. What makes it dangerous is the ability to execute arbitrary commands on the server, simply by submitting a particular string to a field that the application then stores in the log file(s). For example, renaming your iPhone to the exploit string can trigger the vulnerability on Apple's iCloud servers. Hopefully this is fixed by now.Coupled with an extensive amount of adoption from large and small companies alike, this simple exploit is being abused in the wild by malicious actors. Problems range from:

  • Data disclosure
  • Remote Code Execution (RCE)
  • Server takeover
  • Denial of Service (DoS)

An iPhone device information screen with name changed to contain the exploit string. Image: Cas van Cooten / Twitter

Consumer Actions

Be aware that many breaches are likely to stem from this and will trickle out over the coming weeks and months. The attack surface is extremely large and thus the total damage is difficult to estimate at this time. We'll keep our post updated as new information becomes available. If you have specific concerns, please use the contact form (top right corner of this page) to reach out to us.

You may also like

Social Media & Identity Theft
Social Media & Identity Theft
21 January, 2025

The Video Key Takeaways Make sure you review your privacy settings on all of your social media platforms. Some of these ...

Hackers Target Philadelphia Law Enforcement Officers
Hackers Target Philadelphia Law Enforcement Officers
21 January, 2025

"It's Tough When You're Trusting A Criminal!" Ransomware recently targeted Philadelphia based company, "Law Enforcement ...