The National Cyber Security Centre has issued an alert regarding active scanning within the UK for the Apache Log4j 2 vulnerability.    Apache Log4j 2 is an open source Java logging library which is used in many applications, including some cloud services.  Version 1 of the Apache Log4j library is no longer supported and developers should be moving to Version 2.  Version 1 has several security vulnerabilities and if you have systems using this version, you should be taking action to mitigate the vulnerabilities in your network.

RedMosquito have addressed this issue within our internal systems and have installed all the applicable updates.  Apache initially  released a patch for the security vulnerability, a second patch has already been issued and we are monitoring this situation closely for any further developments.

Software vendors may contact you to recommend mitigation actions or install updates.  If you are a RedMosquito IT Support customer then please forward these emails onto our Service Desk and we will be in touch to advise on next steps.  We always recommend a multi -layered approach to cyber security, with patch management being a key element.   If you are not a current customer of RedMosquito please contact us and we will advise on the IT Security services we provide.

We always recommend a multi -layered approach to cyber security, with patch management being a key element.