Today we’re going to talk about What Is The Log4j Vulnerability, how bad is it, and what you should be doing to protect yourself? Log4j is an open source to be Curtis, Apache logging framework or logging library in a simple term used by Java, even though Java is not a commonly used language that’s not very popular today. However, it’s still out there and a lot of big companies.
Many customers are still using Java today, So it is, what is it, right? So log4j, there is a vulnerability that was found where an attacker, all they have to do, is send a strategic malicious code string to the server. It will eventually get the log by log4j a library, which will allow the attacker to download or load arbitrary Java code on the server, and then be able to take control of the whole server. So an end attacker could be unauthenticated, and they’ll have complete control of the system. So it’s pretty bad. Can security as scoring log4j at a level of
It's affecting corporations. It's affecting individual users. Affecting pretty much everybody.
Affected by log4J vulnerability
if you are using windows platform Linux platform Mac users including Android and iOS users you are affected by the security vulnerability.
If you’re strictly on Android, I think you’re safe. But let me know in the comments below if I’m wrong. what’s happening here is that there’s a security vulnerability within log4J.
Hackers can bypass any restrictions and gain access to a computer system without using a password. Once they’re inside computer systems, hackers may attempt to install malware, perhaps spy on you or take data and information such as passwords. And this security vulnerability was found out on November 24th but wasn’t publicized until a few days ago.
And that’s when attacks really started to. Fortunately, here log for J has been updated to get rid of the security risk has version 2.15. The security risk in log4J is no longer present. And log for J is currently at version 2.16. However, this is the big unfortunate news. A lot of software doesn’t use the current version of the log.
So pretty much any single piece of software out there using log4J previous diversion, 2.15, is still at risk. So at this point, you might be asking,
Protect against the log4J vulnerability
- Highly recommended that you upgrade or patch your server.(Patch Github link)
- Changing your passwords frequently.
- Keep Strong passwords
- Try to use VPN ( Not Free )
- Use two-factor authentication
Still, none of these methods will protect you 100%.
Cisco standpoint just goes to tell us it’s got all the information about this. Vulnerabilities just go already come out with the snort IDs for that and already listed that domains malicious domains that are relating to those log4j.
So if you’re running, if you have Cisco firewall, next-gen firewall and for him and endpoint or umbrella, then from a visibility standpoint, sis catalysis already got this information, and it’s reading into those systems. So if anything comes through those systems or Solutions, you, our systems are going to catch this information and block them spread, or then there and report to you about that as well,
We’re all at the mercy of companies updating their software. So at the end of the day here, the best practice is to update the software on your computer. If you’re using a program and you see an update, By all means, update it. It’s probably that security fix to fix the log4J security vulnerability.
Anyways, that is all I’ve got for this video. Let me know your thoughts about this vulnerability in the comments below. You care about it. Do you not care about it? And are you just patiently waiting for every single piece of software you’d use on the computer to be updated.