Billions of devices at ‘severe risk’ of attack from flaw

Billions of devices at ‘severe risk’ of attack from flaw

How to fix the 'log4j' security vulnerability

by Kurt Knutsson

High profile hacks are underway as a result of a flaw found in countless servers and internet software powering thousands of familiar products such as Apple iCloud.

The flaw creating a massive security problem is located in a snippet of code called Log4j used by a vast amount of internet applications around the world to help track users’ activity.

Left unfixed, the US Cybersecurity and Infrastructure Security Agency director Jen Easterly says in a statement, “To be clear, this vulnerability poses a severe risk”. The warning goes on to ask that ‘urgent action’ be taken by vendors to upgrade to a patched version 2.15.0 immediately.

Why this attack is big problem getting elevated urgency

The flawed Log4j code is widely used by nearly every company within numerous systems for products and services that you and I likely use several times a day. It is likely to be the root cause of millions of hacks around the world so far.

The vulnerability is creating the perfect security storm and potentially disastrous trouble for these two simple yet powerful factors in the threat.

Two prongs that spell trouble

1) It’s easy for hackers to exploit and 2) is so widespread that it’s likely to take weeks to months to minimize potential impacts.

Here’s how it works

The log4j vulnerability takes data from an internet application and stores it elsewhere. A feature that allows it to execute code now has hackers exploiting it to send malware.

Awareness of the vulnerability started last Thursday when the vulnerability was weaponized by hackers to steal cryptocurrency and hack into some Minecraft servers.

How to fix the log4j vulnerability

The U.S. top security agency is recommending companies and governments take 3 immediate steps:

  1. Identify any external facing devices that have log4j installed
  2. Make sure their security operations centers are actioning every single alert
  3. Install a web application firewall (WAF) with rules that automatically update

For us as consumers, make sure you keep your operating software up to date.

Update your Apple software

Apple is among the first tech companies to respond with newly released security updates to mitigate vulnerabilities several Apple products. Take this moment to update the following:

  • iOS 15.2
  • iPadOS 15.2
  • macOS
  • tvOS 15.2
  • watchOS 8.3

Mac computers  click the apple icon in top left corner of screen >  click About this Mac  >  click Software Update

iPhone and iPad  tap Settings from the home screen  >  tap General Software Update  >  select to update to iOS 15.2

AppleTV   press menu button on Apple remote  >  select System  >  select Software Updates under the Maintenance section

Deploy robust protection software and apps

This serious widespread threat also underscores the importance in always using security protection software and apps across all of your family’s devices.

One of the top anti-virus apps for Macs, Windows, Android phones and iPhones is TotalAV.   Their product is full of features to keep you safe from malware and protect you when browsing the internet including ransomware protection, real-time antivirus protection, elimination of viruses and malware, a tool to free up your computer’s space, plus more.   Limited time deal for CyberGuy readers: $19 your first year (80% off)  

You can check out our review of other anti-virus apps, here: Best Antivirus Security Software and Apps to Protect You 2022.

 

 

ExpressVPNcomputers phones and tablets with ExpressVPN software

ExpressVPN has identified and rolled out a protective layer for the Log4j vulnerability. All ExpressVPN users now benefit from this protection—all it takes is turning on the VPN.

  • Set up was quick and took less than 2 minutes – that’s quick and simple
  • I noticed a significant improvement in the speed of my internet connection while other VPNs not on my list can slow you down
  • Works seamlessly with routers, gaming consoles and Smart TV’s so virtually every device in your life can be safely protected in your own pocket of privacy
  • 7-day free trial available for their iOS and Android versions as well as a 30-day money-back guarantee
  • Strong and helpful customer service experiences

You can set up ExpressVPN on up to 5 simultaneous connections at a time.


Get 3 months FREE by purchasing 12 months ($6.67/month for 15 months)

 


   

Leave a Comment

GET MY FREE CYBERGUY REPORT
Subscribe to receive my latest Tech news, security alerts, tips and deals newsletter. (We won't spam or share your email with anyone else.)

By signing up, you agree to our Terms of Service and Privacy Policy. You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder