Log4J CyberSecurity Vulnerabilities

Apache Log4j is one of several Java-based logging frameworks. It is used to log security and performance information on upwards of 3 billion devices around the world. The little-known (but widely used) package appears in a huge variety of consumer and enterprise services, websites and applications, as well as medical devices and supporting systems.

When the code flaw was identified as a vulnerability, it was immediately recognised how useful and widespread the software toolset had become. Two big problems existed: the package hadn't been updated for a long time, and it was in almost everything (even though it was not necessarily active).

The seriousness of the flaw meant that a rogue actor could access any internet-facing application and try to make use of the weakness, with the code freely available on social pages. For server-based players of the online game Minecraft, the hack was as simple as posting code into the chat window to "turn" the server features on; however, this isn't true for all packages (note: at the time of writing, Minecraft have fixed the problem).

At the time of writing, the 4th version of patches has been released (within the last 6 days) as programmers try to eliminate the threats being detected. Fortunately, no machines within the Groupsupport portfolio have been overcome; however, the team have noticed increased activity, and those clients at risk have been contacted individually.

If you have any questions, please contact the team.
