The cybersecurity world is investigating implications of a vulnerability discovered around the log4j code, which is used heavily across the internet to allow software applications to “log” activities. Hackers have discovered a way to log a line of malicious code and access servers that run log4j. Companies like Google, Amazon, and IBM are impacted by this vulnerability.
Wake Forest Information Security has identified internal applications running the impacted versions of log4j and have taken remediation steps. IS notified campus IT partners of this vulnerability in December and are assisting in identifying and remediating risk to partner’s systems and services. IS also contacted third party service providers to understand their impact and remediation efforts, if any.
Wake Forest has defenses in place to protect our campus from vulnerabilities like this, including installing antivirus on managed computers (Cisco Secure Endpoint), continually updating our network firewalls, and leveraging Cisco detection services (Umbrella).
Attackers can deliver malicious code through the front-end of websites and phishing emails/ text messages. We encourage you to take the following actions to better protect yourself:
- Be mindful of phishing messages – review the sender information, make sure it is coming from a legitimate company or person, check the message for typos, and beware of attachments
- Confirm URLs when visiting website – be mindful of misspellings or extra letters/numbers
- Make sure software applications are up to date.
- Ensure multi-factor authentication is enabled on all of your accounts and don’t repeat passwords
- View your Wake Forest email in the Gmail web interface or Gmail app on your mobile device to leverage warning banners across suspicious messages
- Leverage an antivirus on personal devices (Checkout sophos available on software.wfu.edu)
IS will continue to monitor the remediation efforts with internal and external partners.
If you have questions concerning this message or need assistance, please contact the Information Systems Security Team at email@example.com.