Warning level red because of Log4j: You have to do that now

• Due to a security gap in the Java library Log4j, the BSI has declared the warning level red.
• The library is used in numerous online services.
• It is important to keep all programs up to date.

The Federal Office for Information Security (BSI) has declared the warning level red. With this, the office warns of an extremely critical threat situation in the network. The reason is a security hole discovered a few days ago in the widely used Java library Log4j.

The vulnerability called “Log4Shell”, which is very easy to exploit, was first discovered in a version of the Minecraft game. According to estimates by experts, however, it affects countless other online services – such as Apple’s iCloud or the Steam gaming platform.

The BSI already has information that cyber criminals are exploiting the vulnerability to smuggle crypto miners into foreign systems. Further attack scenarios are conceivable.

The BSI therefore sees a need for action above all in organizations and companies. But as a private user you can also do a few things.

Checks whether you are using software or devices that are vulnerable to the vulnerability. So far it is not clear which programs and online services are all affected by the problem. On Github you will find a constantly updated collection of affected services – including links to the recommendations of the respective developers on what you can do now.

In addition, you can only use known precautions for surfing the net:

• If possible, activate 2-factor authentication for the online accounts you use.
• Use secure passwords for your accounts.
• Keep the firmware of your devices and your software up to date.
• Use a VPN to surf.
• You should also save important and sensitive data on a data carrier that is not connected to the Internet.

” Tip: The best VPN providers for more security and data protection