Video Transcription

Critical Log4j vulnerability still a cause for concern

The critical Apache Log4j vulnerability was disclosed back in December 2021, but it remains a cause for concern here in 2022. It’s already been used to attack education institutions, a national defense ministry, and businesses beyond counting. The US Federal Trade Commission is even threatening certain organizations with legal action if they do not patch. The FTC said recently: “It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers”. Despite the high-profile headlines boosting awareness, many businesses just don’t know if their systems are affected by this critical flaw.

You can use Defense.com™ to help with this. Our vulnerability scanning engines are always up-to-date with the latest threats, so our scans can quickly let you know all the disclosed vulnerabilities that your systems are subject to, including Log4Shell. Defense.com™’s threat dashboard also prioritizes threats, so you know what you need to fix first.

Compromised credentials

Over 1 million online accounts were compromised recently, in a spate of credential-stuffing attacks against 17 different companies. Credential stuffing attacks are often successful thanks to poor password hygiene, including reusing passwords and having easy-to-guess passwords, like these. With an estimated 15 billion stolen credentials available on the Internet, credential stuffing attacks can quickly let hackers into your business.

One solution to this password problem is to use Defense.com™’s security training. It will help your employees remember to use strong, unique passwords across all their online accounts. There’s also the superb Have I Been Pwned service, which will let you know if your email has been included in a data breach. I recommend you visit it now.


Let us help secure your business today

As always, for more information on how to manage threats facing your business, get in touch with our friendly team.