The last thing that anyone who manages IT systems wants to hear about is a new vulnerability. At best an annoyance and at worst a full-fledged disaster, computer vulnerabilities pose a security risk to any online environment since they allow bad actors to breach systems and access classified data or perform unauthorized tasks.
Recently, a serious vulnerability was uncovered in the Java-based logging library Apache Log4j. In this article, we will go over what you should know about this vulnerability and what Y Soft is doing to ensure the safety of your printing infrastructure.
What is the Log4j Vulnerability?
On December 9, 2021, a concerning vulnerability in the Java-based logging package Log4j was discovered by Chen Zhaojun from Alibaba’s Cloud Security Team. This vulnerability allowed attackers to deploy code on a remote server, an attack known as Remote Code Execution (RCE).
Since the discovery of this vulnerability, which you may also hear referred to as “Log4Shell”, “LogJam,” the “Apache exploit,” or the “Apache vulnerability,” bad actors have already made infiltration attempts in the millions. One of the most troubling parts of this vulnerability is that it leaves a window of opportunity so wide that even hackers of low skill levels can infiltrate.
The Log4Shell vulnerability is severe and has been given a rating of 10 by the Common Vulnerability Scoring System (CVSS), which is the highest possible score. It is a zero-day vulnerability, which means that hackers discovered it before internal teams knew of its existence.
What Does the Log4j Vulnerability Mean for SAFEQ Cloud?
Like most cloud services, Y Soft’s SAFEQ Cloud service relies on Log4j version 2 to log software information and record application activity. This is a common practice by most companies worldwide that use cloud technology.
Thankfully, Y Soft has existing processes in place to deal with vulnerabilities. This, combined with the expertise of our efficient internal team, allowed us to react very quickly to the discovery of the Log4Shell vulnerability. We have addressed this critical issue in update 3.18 of SAFEQ Cloud. All partners who rely on our SAFEQ Cloud secure printing software are strongly advised to update their gateways to 3.18 at this time.
All secondary SAFEQ Cloud gateways can be upgraded remotely from the SAFEQ Cloud admin web user interface. For customers relying on a private cloud installation, it’s possible to do simple over-the-top upgrades. For more information on this and on updating secondary gateways, refer to the SAFEQ Cloud installation and configuration guide (you must be logged in to the Partner Portal).
Important note for Y Soft Mobile users: while Y Soft Mobile also relies on Java-based software, it uses a different version of Log4j (Log4j version 1). This version is not vulnerable to the Log4j security flaw, and we will keep our partners informed if the recommendation changes.
Keep Your Print Security Up-to-Date with SAFEQ Cloud
Serious security vulnerabilities make the importance of a cloud-based managed print solution more apparent than ever. With options for remote management, high-security standard compliance, and secure pull printing, SAFEQ Cloud from Y Soft remains the most valuable way to ensure that your printing infrastructure remains safe and out of the reach of potential hackers.
It is highly recommended that existing customers who are running SAFEQ Cloud in private clouds or who have SAFEQ Cloud secondary gateways update their print environment to protect sensitive information.
For those not running a cloud-based print system, your print environment is becoming more vulnerable with every print job. Reduce your risk by switching to the latest SAFEQ Cloud version and take advantage of security features that keep your data safe from the Log4Shell vulnerability. Start today with a free trial of SAFEQ Cloud.