Log4j Zero-Day security vulnerability is a security nightmare- Security-cnBeta.COM

being able to:

Alibaba Cloud’s ‘Super Product Week’ launches hot selling cloud products 40% off and 1 yuan new purchase of domain names

You cannot properly protect against Log4j attacks

Security researchers have seen thousands of people attempt to use Log4j hacking technology to gain access to computer systems. And the worst thing about this hacker is that even if the hacker did not specifically target you, you could be affected. And worst of all, you have no way to protect yourself.

After the zero-day exploit in PegASUS was discovered, Apple urgently released a patch to fix it, and users only need to install iOS and iPadOS updates. A few years ago, when security holes appeared in the Specter chip, the manufacturer of the chip and the company running the operating system on it released a fix. But in the Log4j hacking incident, there is no iPhone, Android, Windows or Mac fix that can fix the vulnerability and ease your concerns.

qb9hhcxm.jpg

As we’ve already seen, hackers can influence software like Microsoft’s Minecraft. The hacker sends a few lines of text via the in-app chat system to take control of the computer. Microsoft has corrected this vulnerability. But any company that provides Internet services and Internet-related products is at risk. Every company should update their servers so that attackers cannot use Log4j hackers. This vulnerability issue allows hackers to bypass restrictions and enter the computer system without a password.

From there, they can run code remotely, enabling them to monitor these companies and steal information and/or funds. Clients of these companies may be harmed, which is always the risk of such hacking. But end users cannot patch Log4j vulnerabilities by themselves.

For Log4j hackers, it is not as simple as clicking on the wrong link and downloading malware to your computer. None of this is at your fingertips. Even though you may be proficient with the internet, there is no way to prevent hackers from attacking your internet company customers.

According to Check Point researchers’ observations of Log4j hackers, attackers make more than a hundred attempts every minute to exploit vulnerabilities in the Java logging tool. In the days after revealing Log4Shell, Sophos detected hundreds of thousands of attempts.

What can you do to solve this problem

Microsoft has observed attacks involving the installation of crypto-mining malware on servers. In addition, some hackers try to install Cobalt Strike on vulnerable systems, which can cause hackers to steal usernames and passwords. The company has also detailed Microsoft 365 Defender features that can prevent Log4j hacking. But this may not be good enough for most people, this only covers Windows and Linux. And her IT team must take care of repairs in servers and computer systems.

What users can do is pay attention to their Internet properties. You should continue to use strong, unique passwords for your services. Add two-factor authentication for sensitive apps and emails that manage access to online financial transactions. Watch out for any suspicious activity on these sensitive accounts, be it emails or home banking apps.

You can also check with your organization’s IT department to make sure they know what the Log4j vulnerability is and what they need to fix. Likewise, you can contact other technology companies to see what they are doing to protect you. On the other hand, it is pointless to ask customer representatives for answers they may not have.

When you do this, update all the software on your device to the latest version available. This includes operating systems and applications. When these companies publish Log4j fixes, you want to make sure you get them as quickly as possible.

Security researchers said a few days ago that it takes time to notice the damage caused by the Log4Shell attack. This is still true. And while we wait, we may get more information on how to protect ourselves from Log4j hackers.

Menu