NRTC Managed Services distributed a notice to members urging them to protect themselves from a vulnerability detected in “Log4j” software. Hackers have found a weakness that could affect many applications and web sites, and potentially puts “hundreds of millions of devices at risk,” according to the notice. NRTC advises its members to follow government recommendations released by the Cybersecurity and Infrastructure Security Agency (CISA).
“To be clear, this vulnerability poses a severe risk. We will only minimize potential impacts through collaborative efforts between government and the private sector. We urge all organizations to join us in this essential effort and take action,” CISA Director Jen Easterly said in a statement.
CISA emphasized the need for software vendors and their clients to communicate with each other. Vendors must develop and distribute patches for many different devices. Vendors also must help end users determine which devices contain the vulnerability and assist with mitigating actions.
The Apache Software Foundation manages Log4j, which is an open source, Java-based logging library. The vulnerability could put users at a heightened risk from ransomware, denial of service and other forms of cyberattack. Apache has developed a security solution, which it describes in a blog post.
NRTC asks members seeking more information to contact their regional business manager or member executive.