Log4j Vulnerability Update
Pearson-Kelly Technology is responding to an active, widespread exploitation of a critical remote code execution (RCE) vulnerability in a Java-based software library known as “Log4j” or “Log4Shell.”
Log4j is an open-source Java-based logging software library many developers use to record activity within consumer and enterprise applications. Hackers are actively scanning for affected systems to exploit this vulnerability.
Our team is working to remotely update and patch any known vulnerabilities in your environment.
This vulnerability's widespread scale and complexity make it challenging to pinpoint affected systems. Many vendors are still investigating if their products use the Log4j library.
As we’re addressing known vulnerabilities, you should contact your vendors to identify if their systems were impacted. If they were, create a ticket by completing a support request form, emailing support@pearsonkelly.com , or calling 877.834.8108.
We appreciate your patience and understanding as we work to secure our clients as quickly as possible.
What You Should Be Doing
First, reach out to all your vendors. Are their software products vulnerable to the Log4j exploit? What are they doing about it? If they’ve released a patch, update your system or reach out to our helpdesk team if it’s a covered system for us to update. If they don’t have a patch, ask about their timeline and when you can expect to update your system.
Next, check your backup and disaster recovery solutions. Are your backups recording correctly? If someone were to access your system or network through the Log4j exploit and lock down your systems, would you be able to recover that data? Ensure you know where your backups are and how to access them in case of a data breach or cyberattack.
