For your urgent attention: your system may be compromised.
There is a cyber security vulnerability making headlines worldwide that should be discussed with your IT or cyber security team as a matter of urgency.
You may have heard about a serious new vulnerability uncovered over the weekend, known as Apache Log4j, and published as CVE-2021-44228.
According to the Australian Cyber Security Centre (ACSC):
A critical vulnerability (CVE-2021-44228) exists in certain versions of the Log4j library. A malicious cyber actor could exploit this vulnerability to execute arbitrary code and compromise systems and networks.
Australian organisations should apply [the] latest patches immediately where Log4j is known to be used.
If you are a developer of any affected software, the ACSC advises early communication with your customers to enable them to apply mitigations and install updates where they are available. If you are an individual it is recommended that you update your device software as soon as possible.
As of 14 December 2021, the ACSC is aware of [the] targeting and compromise of organisations using this vulnerability globally and in Australia.
Malicious cyber actors have used this vulnerability to target and compromise systems globally and in Australia. As of 15 December 2021, the ACSC has published an advisory regarding mitigation and detection recommendations. This advisory is frequently updated with latest in-depth guidance for organisation based on ACSC knowledge of this evolving situation.
The ACSC has labelled this situation as CRITICAL. We recommend forwarding this information, including this page on how to manage this threat, to your security team as soon as possible.
Alternatively, if your business has been impacted or if you require further assistance, you can contact the ACSC directly by calling 1300 CYBER1.
If you are looking for protection against the financial costs of a cyber threat, don’t hesitate to contact us for more information on Cyber Insurance.
This article was written by Tony Venning,
Managing Director at Crucial Insurance and Risk Advisors.
For further information or comment please email info@crucialinsurance.com.au.
Important Disclaimer – Crucial Insurance and Risk Advisors Pty Ltd ABN 93 166 630 511. This article provides information rather than financial product or other advice. The content of this article, including any information contained on it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.
Information is current as at the date articles are written as specified within them but is subject to change. Crucial Insurance, its subsidiaries and its associates make no representation as to the accuracy or completeness of the information. All information is subject to copyright and may not be reproduced without the prior written consent of Crucial Insurance.