cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Why it's so important to update!

1492
Moderator
Moderator

What is Log4j?

By now you may have heard about an obscure sounding 'Apache Log4j' vulnerability, now considered to be among the worst in cyber history, affecting millions across the world. Log4j is a free JAVA logging utility used in popular web servers and applications. JAVA is not related to JavaScript which is entirely different. If your applications is not utilizing JAVA, you are not vulnerable. One problem is that it may be difficult to determine if your application is using a component thatโ€™s integrated with Log4j utility.

Make it tougher for cyber-criminals and hackers

If there are any personal takeaways, among the top is to keep all your OS, browsers, and software updated as soon as application releases are provided. Though there may not be an effective instant solution to protect against 0-day exploits by their very nature, the lesson is not to delay when security updates become available. And donโ€™t use unsupported or outdated software no longer providing security patches, while connected to the Internet.

Exploiting software vulnerabilities are becoming the foremost methods used by cyber criminals and hackers. Security software is no longer a primary line of defense, just one cog in layered protection. In many cases, if a hacker can breach your system using a vulnerability allowing elevated privileges, they can disable/bypass your security software.

Case in point, virtually all infected with WannaCry ransomware, encrypting personnel data until payment was transferred to cyber-criminals, were carried out on Windows 7 machines that had not installed updated security patches at the time.


Why should I even be concerned about Log4j?

Though Log4j flaw effects primarily enterprise software, your personnel stored data could be compromised as the full scale of this vulnerability has not yet been determined and may take years to resolve.

But there is another question that has yet to be answered? The vulnerability of โ€˜smart devicesโ€™ and other IoT. Such as smart TVs, security doorbells/cameras, appliances, printers, etc. Many have a built-in web server or OS to communicate data to manufactures/users and could be utilizing Log4j utility as its free.

Most of these devices are connected to our home networks, and conceivable that this flaw could allow hackers an endpoint to compromise access to data from attached computers/devices, if not worse. Simply by utilizing a text-based string in an email, chat, message, or embedded in an online advertisement to exploit this flaw?

Iโ€™ve rarely seen or been informed of security updates for smart devices. Wonder if none are forthcoming, how many would take the risk to keep known vulnerable devices connected on our home networks?

Itโ€™s not yet known of the full ramifications from Log4j flaw.


Hacker attempts getting worse

Apache released a security patch for Log4j flaw about 4-days before it was widely published by news outlets. Reports of it being first detected on Minecraft site were apparently not accurate as it had been seen earlier. Apache has since released more patches and program updates as hackers scanning to exploit the flaw has skyrocketed in recent days, reaching thousands per minute. Hackers have also apparently modified their approaches to get around recent security updates.

The biggest challenge now is determining the full extent of the vulnerability as we donโ€™t know how many apps are affected. In recent webinars this week, top security experts are advising daily application scanning and port restrictions, and to not trust your apps are not affected โ€“ zero trust approach.

You canโ€™t protect against every security threat these days, though keeping updated with security patches is becoming the frontline defense.
4 REPLIES 4

wa8yxm
Explorer III
Explorer III
As NamMewdevac implies the best security is what I call the ONION system.
Like an onion it is layer upon layer upon layer
A good firewall (I have one of the best)
A good anti-malware FULL TIME live
A 2nd and even a 3rd anti-malware one of which is on "External" media (USB stick)

I have had malware get past one or two. but not often the 3rd or 4th.

You also need to update your wetware (Brain) You get a pop up "Your computer is locked" or a message "your account is (or will be) Suspended..... DO NOT CLICK ON ANY LINK IN THE POP UP OR MESSAGE.

That first one can be a type B Itch to get rid of.. I've had to force shut down of the conmptuer then run a scan (Clean) on restart.

IF you get message about say your Amazon account.. manually type Amazon.com or click on an existing link in your BOOKMARK list. DO NOT click on the linke the scammer provides.

This is Bank of America Security and we are having a problem accessing your account to fix a problem, click on the link below and log in....

(Actual scam letter) Yup. they are still having a problem logging into my account. (It was closed like 5 years before I got the scam letter. I can't log into it either, made it easy to spot as a scam)

And no, I've not been charged on my Amazon Linked card for a new I-phone (For one thing i don't have a default card on Amazon)
Home was where I park it. but alas the.
2005 Damon Intruder 377 Alas declared a total loss
after a semi "nicked" it. Still have the radios
Kenwood TS-2000, ICOM ID-5100, ID-51A+2, ID-880 REF030C most times

NamMedevac_70
Explorer II
Explorer II
On my 4 laptop PCs I use Malwarebytes premium and free for years now with no issues of trojans, viruses, etc. Also update often and when notified to do so. I place no credit card or financial info on my cellphone and my Smart TV does not connect to the internet except for occasional updates if offered. Also have MS Defender and/or Security Essentials on all.

wildtoad
Explorer II
Explorer II
Good information, but I have to askโ€ฆ for the average guy how does it affect me if Iโ€™m using an iOS device, or an older Surface pc/tablet?
Tom Wilds
Blythewood, SC
2016 Newmar Baystar Sport 3004
2015 Jeep Wrangler 2dr HT

Lwiddis
Explorer II
Explorer II
Thank you posting this information.
Winnebago 2101DS TT & 2022 Chevy Silverado 1500 LTZ Z71, WindyNation 300 watt solar-Lossigy 200 AH Lithium battery. Prefer boondocking, USFS, COE, BLM, NPS, TVA, state camps. Bicyclist. 14 yr. Army -11B40 then 11A - (MOS 1542 & 1560) IOBC & IOAC grad