Many people dream of becoming entrepreneurs, and often the biggest...
Letting technology do the heavy lifting for certain monotonous tasks...
Accurate accounting is the bedrock of any successful...
Distinguishing between independent contractors (1099) and employees (W-2)...
January 13, 2022
Check Point Research identified a whopping 50% uptick in weekly cybersecurity attacks on business networks in the fourth quarter of 2021 versus 2020, a figure the cybersecurity firm said was exacerbated by the Log4j vulnerability discovered in December.
Log4j is a popular open-source Java logging library developed by the Apache Software Foundation. It is used by developers to record what happens in their software applications or online services. A software vulnerability in Log4j, disclosed in December and also known as Log4Shell, has gained broad attention for posing a severe risk to millions of applications and devices across the globe.
Microsoft reports that Log4Shell can be used to break into systems, steal passwords and logins, extract data and infect networks with malicious software. Enterprise software developer Red Hat assigned Log4Shell a 9.8 severity score out of possible 10 on the Common Vulnerability Scoring System, while the National Institute of Standards and Technology rated Log4Shell its highest severity score, 10.
Security experts warn that attackers are making hundreds of thousands of attempts to find vulnerable devices. Any device with internet access is at risk if it’s running open-source logging Log4j library, version 2.0 to 2.14.1.
Although the Log4j library is used worldwide in millions of software applications and online services, it makes systems vulnerable by allowing attackers to execute code remotely on a target computer to spread malware, steal data and take control.
Minecraft servers were the first to face Log4j exploitation via a malicious string entered through its chat box. Malignant text entered in the username box on web applications, like Apple iCloud, can also lead to compromise. Although fixes have been issued, organizations still need time to identify exploited areas or potential threats and implement the measures.
Several national cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Centre, have issued warnings to take immediate measures against the Log4j vulnerability.
“We will only minimize potential impacts through collaborative efforts between government and the private sector,” said CISA Director Jen Easterly. “We urge all organizations to join us in this essential effort and take action.”
Measures undertaken by major tech firms to detect, mitigate Log4J vulnerability:
1. NCC Group offers paid tools for businesses to test Log4j vulnerability. 2. Microsoft released guidance on preventing and detecting Log4j exploitation. 3. IBM issued guidance for its customers. 4. Oracle issued a patch to avoid Log4j exploitation. 5. Amazon web services announced it is working on patching services. 6. Cisco released rules to detect exploitation and patches for its affected products.
Any organization affected by the Log4Shell flaw should upgrade Log4j to version 2.16.0, which Apache released on Dec. 13.
Our team is made up of seasoned professionals who bring years of industry experience to the table. You gain a trusted advisor who understands your business inside out.
Say goodbye to the hassles of hiring, training and managing in-house finance teams. You will never have to worry about unexpected leave of absence or retraining new employees.
Whether you’re a small business or a global powerhouse, our solutions scale with your needs. We eliminate inefficiencies, reduce costs and help you focus on growing your business.
Accurate accounting is the bedrock of any successful business operation. Yet, medium-sized businesses—those that have grown beyond the small-business stage...
Distinguishing between independent contractors (1099) and employees (W-2) is a pivotal compliance matter for U.S. businesses. Misclassification can result in...
Spring symbolizes renewal, making it an apt metaphor for startups aiming to secure fresh capital to fuel their next growth...
Payroll is more than just issuing paychecks—it’s a complex, high-stakes process that can significantly impact employee satisfaction, legal compliance, and...
For startups seeking sustainable growth, every quarter provides a treasure trove of data—but Q2 data can be particularly revealing. By...
By the time Q2 rolls around, many startups have a clearer picture of their performance and market positioning compared to...
For many startups, the summer months can be a dual-edged sword. On one hand, warmer weather and looming vacations can...
Tax season often triggers stress and complexity—especially for startups laser-focused on building products, acquiring customers, and scaling operations. Yet savvy...
The halfway mark of any given year is more than just a date on the calendar; it’s a valuable checkpoint...