The UCSB Security Operations Center and IT teams across the campus are responding to a newly revealed software vulnerability in an open-source software package called Log4j. This vulnerability affects a broad range of websites, applications, devices, and digital systems across the Internet, making it extremely dangerous.
What UCSB is doing:
We are working to determine the potential impact on campus systems and will reach out directly to any members of the UCSB community that we can determine are affected.
- Patching & Fixing - UCSB IT staff are patching and fixing affected campus systems as quickly as possible, and documenting vulnerability status for all central campus IT systems.
- Blocking Systems & Removing Services - To protect campus systems and data, the IT staff is closely monitoring this situation. Consistent with UCSB’s implementation of the Electronic Communications Policy and our vulnerability management program, we will proactively remove vulnerable systems from the network at an accelerated pace. Compromised systems will be removed immediately.
- Monitoring - The Security Operations Center will continue to monitor network and system logs closely, especially throughout the holiday period.
What you can do:
- Before leaving campus for the winter holidays, please power down or remove any servers or devices that will not be in use. Attackers know that campus locations have minimal staffing during this time and take advantage of it by launching attacks.
- If you leave devices running, make sure they are up-to-date.
- Protect your home systems as well. Ensure that the operating systems and all software packages on your home devices are updated and that your anti-malware has installed the latest updates.
There are many sources available if you want to learn more about Log4j and this vulnerability. This Reuters article provides a good overview of the severity of the vulnerability. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has published a webpage with technical details, available here.
There’s never a good time for a critical security vulnerability to emerge, but the holiday season makes a response especially difficult. We appreciate that our campus community does its part to help prevent any impact on UCSB systems.