Weakness in commonly-used software component being used by attackers.
A serious weakness has been discovered in a software component widely used by businesses and organisations.
The Java software component called Log4j has a vulnerability which means attackers can use it to illegally access systems and services. It features in many Java applications and services, and any businesses that use it could be at risk.
What to do
CERT NZ strongly recommends businesses:
- update software as soon as possible, as attackers are already exploiting the vulnerability.
- contact their IT service provider or seek assistance from one. Request they check if you use Log4j , and make sure they apply the necessary updates to prevent your systems and services from being affected.
Please share CERT NZ’s Log4j advisory for IT professionals with your IT service provider, it includes information for them on what to look for and what updates to apply.