Alerts

We highlight current cyber security threats in New Zealand, and provide guidance on what to do if they affect you.

1:45pm, 13 December 2021

TLP Rating: Clear

Weakness in commonly-used software component being used by attackers.

A serious weakness has been discovered in a software component widely used by businesses and organisations. 

The Java software component called Log4j has a vulnerability which means attackers can use it to illegally access systems and services. It features in many Java applications and services, and any businesses that use it could be at risk.

What to do

Prevention

CERT NZ strongly recommends businesses: 

  • update software as soon as possible, as attackers are already exploiting the vulnerability.
  • contact  their IT service provider or seek assistance from one. Request they check if you use  Log4j , and make sure they apply the necessary updates to prevent your systems and services from being affected.

Please share CERT NZ’s Log4j advisory for IT professionals with your IT service provider, it includes information for them on what to look for and what updates to apply.

More information

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.