On Thursday, December 9, a serious vulnerability was discovered in a widely used Java logging library called “Log4j.” This library is used by many software applications, including many website platforms, to log information. The vulnerability can allow a hacker to take control of a server or personal computer remotely.
Because this code library is so widely used, and because the vulnerability is easy for malicious parties to exploit, the impact of the issue (possible full server control) is quite severe.
The issue has moved to the top of the industry’s critical vulnerabilities list, and our team of cybersecurity experts (along with other industry leaders) has been working to solve the issue since it was discovered.
The website cybersecurity team at Classy Llama has been hard at work identifying ways in which Magento eCommerce sites might be impacted, and documenting important processes for remediating vulnerabilities caused by this issue.
We are taking this very seriously, and have deployed our team of experts to mitigate any attacks, identify risks, and put preventive measures in place.
Magento as a whole platform is not believed to be affected by this vulnerability. However, some of the services used on Magento sites may be. That’s why the Classy Llama team is focusing our efforts on identifying the specific ways in which Magento platform sites could be impacted.
At this time, the services with known Log4j vulnerabilities in Magento are:
This list may expand as more investigation and correction efforts are applied.
Our team is continuing to evaluate the extent to which Magento eCommerce sites may be affected by the Log4j vulnerability. We are compiling regular updates and will be sharing those consistently via our email and social media channels. Our security team also hosted a webinar for current clients outlining the issue and our current plan for mitigation. A replay of that webinar is available here:
Let our cybersecurity team help you identify and eliminate vulnerabilities like this on your site.
The emergence of the Log4j vulnerability is yet another reminder that strong website security is essential to a healthy eCommerce business. Find peace of mind knowing our cybersecurity experts have got you (and your site) covered. With our Foundations package of services, our cybersecurity team will assess several key areas of your site to help you manage the risk of vulnerabilities like this one before they happen.