24-12-2021

Apache security incident and what you need to know


Overview

 

Over the weekend you may have seen media coverage of a global, wide-reaching vulnerability in the Apache Log4j Java logging library that is being actively exploited across IT environments.

 

Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. Many applications rely on it to report everything that happens during software execution to other applications or systems.

 

Given the listed severity of this security incident, we have been actively engaged in mitigation and have taken a risk-based approach, initially focused on those systems that are accessible to the internet.

 

At this point in time, we have no evidence of an exploit of any of Smartly's internal systems and can confirm that Smartly products are unaffected by this global issue. 

 

However, for your other platforms and products, please use the following advice as a guide to address the vulnerability and its impacts in specific environments.

 

Advice to customers

 

As this scenario is evolving and elements are likely to change over time, the following guidance remains good practice:

  • Monitor your anti-virus vendors for updates and install them as they are made available.
  • Ensure that user education is current and that users know to be on heightened alert for emails that try to trick them into clicking links and providing information. It's likely that successful exploits will not be used immediately, as threat actors seek to gain access to as many systems as they can before they are patched.
  • As a precaution, review your incident response process and your ransomware response playbook, if you have one.

Vendors will release patches over time. However, it is important to be aware that while Apache themselves have released a patch, it is only effective for organisations that are running specific Apache software. In most cases this patch will need to be added to a larger application, and that software will then be released with an update.
