The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Critical Log4j Vulnerabilities Affect Real Estate Software

17 December 2021
 

Critical vulnerabilities in open-source software pose potential risks for a wide range of businesses, governments and individuals.

Log4Shell, the vulnerability within the widely used logging tool Log4j, means that anyone who uses Log4j to catalogue activity in their software applications or online services is at risk.

In the case of real estate software and PropTech, this could mean sensitive data such as floorplans, occupancy or budget information being exposed to malicious actors.

Apple, Minecraft, IBM, Cisco, Google and Amazon all use Log4j. The issue was initially disclosed on December 9, 2021.

 

The “Most Severe Computer Vulnerability in Years”

 

The National Cyber Security Centre is calling Log4Shell “potentially the most severe computer vulnerability in years.” They also state that, if left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

Esri UK, which provides indoor mapping software for facilities managers, has informed its customers that it is actively investigating the impact of the Log4j 2 library critical vulnerabilities, as some Esri products contain this common logging tool.

Esri’s GIS mapping tool is used by organisations such as Oxford University, Westminster City Council and The British Red Cross.

Oracle, AWS and Cloudflare have all issued advice to their customers.

 

What’s The Guidance For Dealing With the Log4j Bug?

 

The NCSC has issued the following guidance for board members of large businesses: https://www.ncsc.gov.uk/blog-post/log4j-vulnerability-what-should-boards-be-asking

The Cybersecurity and Infrastructure Security Agency is also keeping developers informed on the issue: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance

Picture: a photograph showing a laptop's keyboard.

Article written by Ella Tansley | Published 17 December 2021
