LOG4J security vulnerability. How does it affect ScaleAQ?

A vulnerability in the open-source Apache logging library Log4j, a commonly used library, is being actively exploited for attacks globally.

It is recommended by NSM (Nasjonal Sikkerhetsmyndighet / National Security Authorities) to do a search and consider disabling systems until they have been patched and fixed. We have seen in the news that both Brønnøysundregisteret and Altinn have disabled systems and availability has been affected.

More general news about the vulnerability can be read here: The Log4J Vulnerability Will Haunt the Internet for Years | WIRED

Customer Applications

For systems we are delivering to our customers, Mercatus Farmer, Future, Finance, Vet, Knowledger, Feedstation and Vision, we do not see any risk and we are informing customers about this.

Internal Systems

IT have run scans on nearly all servers, with only a few remaining. On some systems we are seeing that the component is in use. However, the servers are not exposed to the internet so this gives us time to talk to vendors in order to request updates of their software without shutting down any services.

Some SQL libraries do have this but are not enabled by default; we are verifying they have not been enabled. Hult og Lillevik has this library; however, when checking with Visma, it is stated as not affected.

The database server for AX, Hult og Lillevik and Handyman has this library, and again we are verifying whether it is enabled.

Some servers have backup software that uses the library and we will patch when available. However, none of these should be accessible from the internet.

This means we are safe for the time being, but it serves as a reminder to us all about the importance of our internal guidelines regarding online security:

  • Accept Windows updates on your computers when prompted.
  • Be vigilant when receiving any emails with links. The key is to not let attackers inside, as then the above exploits can be used.
  • Do not reuse your company password on external web services / pages.
  • Run updates also on iPhone / Android. iOS 15.2 was released today with security patches.

Best wishes,
Arne Hagesæter, Internal IT
