Read our updates regarding the vulnerability and the measures we implement for customers with cloud services here: https://status.braathe.no/incidents/spckylf78xbh

What does the vulnerability that was notified mean and how can they affect you?

On Friday morning, the National Security Authority went out through the Norwegian Cyber ​​Security Center and warned of critical vulnerabilities in a land program called Apache Log4j. All sectors in Norway are at risk, because the program is so widespread in use.

A critical vulnerability can, simply explained, be when software has vulnerabilities that allow someone with malicious intent to quickly break through and gain access to leave malware or retrieve sensitive data. When a software vendor announces that they have a new update that has removed such vulnerabilities in their software, there is often a kind of "race" where criminals will try to exploit the vulnerability before this latest update is in place for anyone using the software in question. . Thus, the faster you get to update to the latest version, the better. In the transition phase, one must exercise great caution when using the software in question, and may even often turn off systems that use outdated versions.

For comparison, you can think of your cell phone. Your vendor regularly sends out updates that they want you to complete. Often there are only small adjustments and improvements, but very often it is just to close various safety holes.

For you as an individual or employee in a company, this will not necessarily affect you to any great extent, but the next few days will probably be characterized by internal checks on software, etc. Apart from that, we recommend thinking through your own routines regarding digital security such as password hygiene. , two-factor authorization and much more. Feel free to read more about it here.

What should I or my employer do?

We have sent out our measures to affected customers who use our cloud services.

For those of you who are unsure of where you stand in a crisis like this, we recommend conducting a vulnerability scan as soon as possible. This is something we offer through our consulting services. Such a scan will identify any weaknesses you have in your systems and your digital security within the organization. Contact us if this is relevant to you.

In addition, we would recommend following the warnings from the Norwegian Security Authority (NSM) closely until the vulnerabilities have been removed. They follow you here.

About Apache Log4j

The software in question is a component that is integrated into many Java-based third-party programs and services that are very much used by companies in Norway. Since it is an integrated component, it is not uncommon for you not to know the name or where it is integrated. There are many companies that have not been aware that they were exposed to the critical vulnerability over the weekend.

What happens in the future?

In the coming weeks, the situation will be closely monitored both by us and naturally enough by the National Security Authority. For many Norwegian companies, it will take time before vulnerable versions are cleared away, and you as an individual will be able to experience some malfunctions in your programs in the future due to Apache Log4j's function. Other than that, it will not affect you to any great extent.

Do you have any questions or concerns regarding this event? Contact us at support@braathe.no.

Source: National Security Authority, article published on NSM.no 12.12.2021. Read the full article and other alerts here: Critical security hole in Apache Log4j - what does it mean?