High profile hacks are underway as a result of a flaw found in countless servers and internet software powering thousands of familiar products such as Apple iCloud.
The flaw creating a massive security problem is located in a snippet of code called Log4j used by a vast amount of internet applications around the world to help track users’ activity.
Left unfixed, the US Cybersecurity and Infrastructure Security Agency director Jen Easterly says in a statement, “To be clear, this vulnerability poses a severe risk”. The warning goes on to ask that ‘urgent action’ be taken by vendors to upgrade to a patched version 2.15.0 immediately.
Why this attack is big problem getting elevated urgency
The flawed Log4j code is widely used by nearly every company within numerous systems for products and services that you and I likely use several times a day. It is likely to be the root cause of millions of hacks around the world so far.
The vulnerability is creating the perfect security storm and potentially disastrous trouble for these two simple yet powerful factors in the threat.
Two prongs that spell trouble
1) It’s easy for hackers to exploit and 2) is so widespread that it’s likely to take weeks to months to minimize potential impacts.
Here’s how it works
The log4j vulnerability takes data from an internet application and stores it elsewhere. A feature that allows it to execute code now has hackers exploiting it to send malware.
Awareness of the vulnerability started last Thursday when the vulnerability was weaponized by hackers to steal cryptocurrency and hack into some Minecraft servers.
How to fix the log4j vulnerability
The U.S. top security agency is recommending companies and governments take 3 immediate steps:
- Identify any external facing devices that have log4j installed
- Make sure their security operations centers are actioning every single alert
- Install a web application firewall (WAF) with rules that automatically update
For us as consumers, make sure you keep your operating software up to date.
Update your Apple software
Apple is among the first tech companies to respond with newly released security updates to mitigate vulnerabilities several Apple products. Take this moment to update the following:
- iOS 15.2
- iPadOS 15.2
- tvOS 15.2
- watchOS 8.3
Mac computers click the apple icon in top left corner of screen > click About this Mac > click Software Update
iPhone and iPad tap Settings from the home screen > tap General > Software Update > select to update to iOS 15.2
AppleTV press menu button on Apple remote > select System > select Software Updates under the Maintenance section
Deploy robust protection software and apps
This serious widespread threat also underscores the importance in always using security protection software and apps across all of your family’s devices.
One of the top anti-virus apps for Macs, Windows, Android phones and iPhones is TotalAV. Their product is full of features to keep you safe from malware and protect you when browsing the internet including ransomware protection, real-time antivirus protection, elimination of viruses and malware, a tool to free up your computer’s space, plus more. Limited time deal for CyberGuy readers: $19 your first year (80% off)
You can check out our review of other anti-virus apps, here: Best Antivirus Security Software and Apps to Protect You 2022.
ExpressVPN has identified and rolled out a protective layer for the Log4j vulnerability. All ExpressVPN users now benefit from this protection—all it takes is turning on the VPN.
- Set up was quick and took less than 2 minutes – that’s quick and simple
- I noticed a significant improvement in the speed of my internet connection while other VPNs not on my list can slow you down
- Works seamlessly with routers, gaming consoles and Smart TV’s so virtually every device in your life can be safely protected in your own pocket of privacy
- 7-day free trial available for their iOS and Android versions as well as a 30-day money-back guarantee
- Strong and helpful customer service experiences
You can set up ExpressVPN on up to 5 simultaneous connections at a time.