Last December, a new vulnerability called log4shell emerged as a potential threat to millions of devices worldwide.
This threat concerns the log4j logging library, which is widely used in most Java applications. As most applications record all kinds of information from outside, log4shell could take advantage of this flaw by remotely executing an arbitrary code (JNDI call) on machines running log4j. Once executed, the impact could be significant, allowing hackers to take control of a remote system quite easily.
Through its security team, Belnet was able to react quickly to limit the risks, in consultation with the European cybersecurity authorities.
Actions taken by Belnet
- As soon as our security team became aware of this vulnerability, an advisory note was written for the organisations connected to our network. This advisory note was updated as the situation evolved.
- We checked all our servers and laptops for vulnerability to log4shell and immediately began patching and checking for indicators of compromise. However, we were not affected.
- We naturally strongly encouraged our customers to do the same. Log4shell was a dangerous vulnerability for many customers, as log4j is a popular Java library for logging. Almost all Java applications that use logging use log4j, which has had a significant impact on everyone.
Our security team continues to monitor the situation and will keep you informed in the event of a new vulnerability. As an organisation connected to the Belnet network, our security team is available to assist you if you have been impacted by log4shell or would like more information on the contents of our advisory note.