High profile hacks are underway as a result of a flaw found in countless servers and internet software powering thousands of familiar products such as Apple iCloud.
The flaw creating a massive security problem is located in a snippet of code called Log4j used by a vast amount of internet applications around the world to help track users’ activity.
Left unfixed, the US Cybersecurity and Infrastructure Security Agency director Jen Easterly says in a statement, “To be clear, this vulnerability poses a severe risk”. The warning goes on to ask that ‘urgent action’ be taken by vendors to upgrade to a patched version 2.15.0 immediately.
Why this attack is big problem getting elevated urgency
The flawed Log4j code is widely used by nearly every company within numerous systems for products and services that you and I likely use several times a day. It is likely to be the root cause of millions of hacks around the world so far.
The vulnerability is creating the perfect security storm and potentially disastrous trouble for these two simple yet powerful factors in the threat.
Two prongs that spell trouble
1) It’s easy for hackers to exploit and 2) is so widespread that it’s likely to take weeks to months to minimize potential impacts.
Here’s how it works
The log4j vulnerability takes data from an internet application and stores it elsewhere. A feature that allows it to execute code now has hackers exploiting it to send malware.
Awareness of the vulnerability started last Thursday when the vulnerability was weaponized by hackers to steal cryptocurrency and hack into some Minecraft servers.
How to fix the log4j vulnerability
The U.S. top security agency is recommending companies and governments take 3 immediate steps:
- Identify any external facing devices that have log4j installed
- Make sure their security operations centers are actioning every single alert
- Install a web application firewall (WAF) with rules that automatically update
For us as consumers, make sure you keep your operating software up to date.
Update your Apple software
Apple is among the first tech companies to respond with newly released security updates to mitigate vulnerabilities several Apple products. Take this moment to update the following:
- iOS 15.2
- iPadOS 15.2
- tvOS 15.2
- watchOS 8.3
Mac computers click the apple icon in top left corner of screen > click About this Mac > click Software Update
iPhone and iPad tap Settings from the home screen > tap General > Software Update > select to update to iOS 15.2
AppleTV press menu button on Apple remote > select System > select Software Updates under the Maintenance section
Deploy robust protection software and apps
This serious widespread threat also underscores the importance in always using security protection software and apps across all of your family’s devices. My top recommendation is:
MacOS, Windows, iOS and Android device protection
Annual or monthly subscription currently at a 60% discount for Holiday Deal at $23.99/year for up to 5 devices (slightly more for 10 devices) that include MacOS, iOS, Windows and Android.
Bitdefender is strong while being user friendly and easy to use. It’s great at protecting many evils beginning with anti-virus security that recognizes malware, ransomware, viruses and other threats like spam. What I really like is the real-time data protection to battle malware automatically with their antivirus solution that does not slowdown anything you are doing. AI improvements can identify suspicious threats on your network and block an attack fast.
Bitdefender’s Rescue Mode can clean-up threats to keep your devices safe. It has a lot of bells and whistles that I like especially the file shredder that takes deleting to a whole new level of destruction of sensitive personal info you want to erase for good. Bitdefender is popular with its users and available at multiple online stores but I find the best pricing is here directly from Bitdefender by cutting out the middleman.
ExpressVPN has identified and rolled out a protective layer for the Log4j vulnerability. All ExpressVPN users now benefit from this protection—all it takes is turning on the VPN.
- Set up was quick and took less than 2 minutes – that’s quick and simple
- I noticed a significant improvement in the speed of my internet connection while other VPNs not on my list can slow you down
- Works seamlessly with routers, gaming consoles and Smart TV’s so virtually every device in your life can be safely protected in your own pocket of privacy
- 7 day free trial available for their iOS and Android versions as well as a 30 day money back guarantee
- Strong and helpful customer service experiences
You can set up ExpressVPN on up to 5 simultaneous connections at a time.