You may have heard in the news about Log4j, a major security vulnerability that’s affecting the whole internet right now. What is unusual is that it’s not directly affecting the desktop and laptop computers that you use in your business. Instead, it’s impacting the servers that run much of the web.
We have some recommended security measures you can take to keep you and your team better protected online. We’ll cover that below.
HERE IS A SIMPLE GUIDE TO WHAT’S HAPPENED AND WHAT IT MEANS, WITHOUT THE TECH SPEAK!
So, let’s start at the beginning. On December 10th, a problem was noticed in the highly popular game, Minecraft. It soon was apparent that the problem affected more than just a game. It is now known to have affected millions of internet applications that rely on this bit of Java code. The problem is related to a security gap in software called Log4j. It is designed to keep a record (log) of events within other software applications. This record helps developers keep track of and fix problems. Log4j is open source software, it’s developed for free by software developers, and it’s available for anyone to use. It is a huge timesaver because developers can use it in their software rather than have to write their own logging code. It makes creating new applications more efficient. But, since it is so widely used, the vulnerability is now impacting millions of pieces of software running on millions of machines. Even though it’s not directly affecting your end user’s computers in use in your business, it is having an effect on many of the services you use.
The vulnerability lets hackers infiltrate and run code on web servers. This can allow them to steal data, delete files, or even run other malware. This makes it easy enough to run malicious code that virtually anyone could do it.
So, now what?
The solution to the problem was created quickly and was released in a software update (patch) to fix the issue. But it will take time for developers to update all the servers and software that have been using Log4j. It’s so commonly used that it could take several months for the fix to be applied on all servers. And there may be some web applications that are never updated.
This is where the average user comes in, as we could see a lot of website breaches happen in the near term. Some ecommerce businesses that don’t apply the patch quickly may find cybercriminals stealing their customers’ credit card numbers or other information, causing identity theft to become more common. Some sites you and your team visit may secretly download malware – malicious software – onto your computers.
We recommend some basic security measures that you can use to make your browsing more secure:
- Use a password manager tool! We recommend LastPass. It can help you to:
– Use strong, randomly generated passwords that include special characters
– Not use passwords for more than one website
– Monitor the Dark Web to see if your usernames or passwords go up for sale to hackers - Monitor your card statements for unknown or unexpected charges
- Keep your business’s software and computers up-to-date, apply all patches as they become available
- If you are a webmaster, make sure your web-servers are being updated with the latest patches and monitor for unexpected changes
We can help you with all of these preventive measures and other cybersecurity related issues, reach out to us today!
#log4j #log4shell #BiggestEverThreat #cybersecurity #AtlantaMSP