SA banks on high alert amid Java vulnerability that can allow remote code attacks

rvZA

The South African Banking Risk Information Centre (SABRIC) says its members, which include major local banks, have been on high alert since early December because of a Java-related vulnerability that can make companies susceptible to cyberattacks.

The organisation, formed by the four major banks in SA to assist in combating organised bank-related crimes, said a globally reported vulnerability in the Java software, also known as Log4Shell or LogJam, can allow someone to take control of Java-based web servers and launch remote attacks on banks and other institutions.

"Since 9 December 2021, SABRIC's member banks have been actively responding to the globally reported remote code vulnerability in the Apache Log4j 2 Java software," said SABRIC in a statement.

The Apache Log4j 2 Java software vulnerability issue first came to light on 9 December. In other parts of the world, companies even took their websites offline to try to protect themselves against this vulnerability.

SABRIC CEO Nischal Mewalall said a response team was proactively monitoring the situation as banks investigate and take action. He added that thus far, local banks have not reported any compromises in customer data, applications and systems.

But SABRIC recommends that organisations running Apache Log4j urgently check for vulnerable versions in their applications.

 
Hope everyone did their Christmas prezzie buying. Not sure how safe money and personal information will be in banks....

I can almost see it when the attacks start....

 
> Hope everyone did their Christmas prezzie buying. Not sure how safe money and personal information will be in banks....
>
> I can almost see it when the attacks start....

This wouldn't be the first time and definitely not the last. Banks have capable staff and contingency plans should anything go wrong. Chill.
 
 
> This wouldn't be the first time and definitely not the last. Banks have capable staff and contingency plans should anything go wrong. Chill.

This is actually sorted out already in 2 clients we work with (at my client, we use log4net & not log4j so ours seem ok as per checks done so far) but the sky is always falling for this guy. /shrugs
 
We've been running around the past two weeks with this and MS releasing a bunch of zero-day fixes as well. Always fun when this happens in December.
 
The way those first paragraphs are worded, one could easily assume this is a "Java/Oracle" problem when it is in fact an "Apache" problem.
 
Are there any "Java-based webservers"?

I thought Nginx and Apache run most of the world's webservers. Who's the... ah news24.
 
> Are there any "Java-based webservers"?
>
> I thought Nginx and Apache run most of the world's webservers. Who's the... ah news24.

Yes, many. You might want to put apache or nginx in front of a Java server for many reasons.

But the problem is log4j, which is a logging library that is popular, so it's built into many things.
 
> Are there any "Java-based webservers"?
>
> I thought Nginx and Apache run most of the world's webservers. Who's the... ah news24.

Tomcat... Weblogic... Oracle app server, resin, jboss, the list goes on
 
> Tomcat... Weblogic... Oracle app server, resin, jboss, the list goes on

Geez, yes.. I forgot about those.

Although those are more like app-servers. The webserver components they offer were always more like shoo-ins for dev purposes. When it came to doing the specialist job of a web-server, in a live environment, they would mostly turn to the specialist, more widely-adopted Apache and these days Nginx. Nginx appears to be favored for static resource-serving.
 