Considering the potential number of companies impacted by each of the following, we in Taft’s Privacy and Data Security Practice wanted to share this urgent post with more information to ensure your company is considering the related risks presented by these vulnerabilities in commonly used website tools and platforms.

  1. Log4j. The Department of Homeland Security and CISA reported that this vulnerability is being used to exploit websites and internet-connected devices of all kinds. More info here.
  2. WordPress. A separate vulnerability in one of the most ubiquitous website development and administration platforms was also reported. These vulnerabilities in website plugins, if exploited, can give threat actors the ability to redirect customers from your website to another site or otherwise take control of administrator roles on a website. More info here.

Monitoring for such news and vulnerabilities should be a solid part of every company’s information security program and risk management strategy. As always, we will continue to share information here on Privacy and Data Security Insights, but nothing replaces the value of your company having active threat monitoring as part of your information security toolbox. Stay vigilant!