The South African Banking and Risk Information Centre (SABRIC) says its member banks have been responding to the globally reported remote code execution vulnerability in the Apache Log4j 2 Java software, also known as Log4Shell (or LogJam).
Logjam is a new attack affecting secure communications between users and websites, allowing an attacker to read or alter data.
SABRIC’s Nischal Mewalall says LogJam can allow someone to take control of Java-based web servers and launch remote code attacks.
“The banking sector’s computer security incident response team, or CSIRT, is pro-actively monitoring the situation as banks investigate and take action.”
Mewalall added that thus far, no compromises in customer data, applications and systems have been reported.
SABRIC has recommended that organisations running Apache Log4j urgently check for vulnerable versions of Apache Log4j in their environments and applications, implement the latest patch to production environments, and monitor security bulletins and vendor patches as they become available.