.gif)
.gif)
.png)
.gif)
Reported Ransomware Incidents in UK Doubled in 2023
A Freedom of Information request has revealed that there was a resurgence in ransomware-related incidents following a quieter 2022. In the first six months...
Read Full Article
The Leading News & Information Service For The Facilities, Workplace & Built Environment Community
Critical Log4j Vulnerabilities Affect Real Estate Software
17 December 2021
Critical vulnerabilities in open-source software pose potential risks for a wide range of businesses, governments and individuals.
Log4shell, the vulnerability within the widely-used logging tool Log4j, means that anyone who uses Log4j to catalogue activity in their software applications or online services is at risk.
In the case of real estate software and PropTech, this could mean sensitive data such as floorplans, occupancy or budget information open to nefarious sources.
Apple, Minecraft, IBM, Cisco, Google and Amazon all use Log4j, and the issue was initially disclosed on December 9, 2021.
The “Most Severe Computer Vulnerability in Years
The National Cyber Security Centre is calling Log4shell “potentially the most severe computer vulnerability in years.” They also state that, If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.
Esri UK, who provides indoor mapping software for facilities managers, has informed their customers that they are actively investigating the impact of the Log4j 2 library critical vulnerabilities, as some Esri products contain this common logging tool.
Esri’s GIS mapping tool is used by organisations such as Oxford University, Westminster City Council and The British Red Cross.
Oracle, AWS and Cloudflare have all issued advice to their customers.
What’s The Guidance For Dealing With the Log4j Bug?
The NCSC has issued the following guidance for board members of large businesses: https://www.ncsc.gov.uk/blog-post/log4j-vulnerability-what-should-boards-be-asking
The Cybersecurity and Infrastructure Security Agency is also keeping developers informed on the issue: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
Picture: a photograph showing a laptop's keyboard.
Article written by Ella Tansley | Published 17 December 2021
Share
Related Tags
Related Articles
Deepki Acquires VINCI Subsidiary Nooco
ESG Platform Deepki has acquired French SaaS business Nooco, a company created by VINCI Energies. Nooco measures and optimises the carbon footprint of building...
Read Full ArticleSpotlight Interview – Francis West | Security Everywhere
Francis West is CEO of Security Everywhere, a company which helps SMEs to secure their money, data and reputation with managed security services. Francis is a trusted...
Read Full ArticleInterserve Fined £4.4m for Failure to Keep Staff Details Secure
The UK’s IT security watchdog has fined Interserve for breaching data protection law and failing to prevent a cyber attack. The Information Commissioner’s...
Read Full ArticleHow to Identify and Address IoT Security Weaknesses
Data-driven facilities management is now the expected norm, but security concerns about IoT systems still remain amongst FMs and tenants. The Internet of Things (IoT)...
Read Full ArticleNHS IT Services Supplier Victim of Ransomware Attack
It has been confirmed that a ransomware attack is causing a major outage for NHS IT systems. Services affected include software used by NHS 111 and other patient notes...
Read Full ArticleSmart Buildings at Increased Risk of Cyber Attacks, Says Verdantix
The operational technology that powers connected devices across building systems is providing more entry points for cyber criminals to exploit, says research and advisory...
Read Full ArticleBESA Tightens Security After Fraud Incident
The Building Engineering Services Association (BESA) says it has carried out a thorough review of the security procedures behind its online training schemes...
Read Full ArticleFacilio Launches Connected CMMS
Facilio has announced the launch of Connected CMMS, reportedly the only software platform to consolidate all property maintenance, client engagement, vendor management,...
Read Full ArticleBritish Land to use SAAS Solution Throughout Retail Portfolio
PlanRadar has announced a new partnership with British Land, one of the UK’s largest property development and investment companies. From May 2021,...
Read Full Article.png)
.png)
.jpg)
.jpg)
