Tag: exploit

  • If you’ve never heard of the Log4J vulnerability, you’re probably at risk

    If you’ve never heard of the Log4J vulnerability, you’re probably at risk

    News is moving fast on the Log4J vulnerability, also known as “Log4shell”. It was first discovered in the video game Minecraft, developers realized hackers could exploit the vulnerability to gain access to the targeted computer and take it over. They quickly released a patch but also made a disclosure that brought the exploit to the public’s view.

    The Cybersecurity & Infrastructure Security Agency (CISA) has now made a running repository that lists all of the software and devices vulnerable to this exploit. There you will find guidance on patching the effected products.

    So, what is the Log4J vulnerability and what does it do?

    It all stems from the building blocks that are used when a programmer is creating their code. Programmers will take bits of code that commonly available and used to act as a foundation for the program they’re trying to write, and in this case one of those foundational bits of code was Log4J. Log4J is used by Java to create a log of activity for the device it’s running on. It copies everything that happens as the program runs, and it makes sense that the vulnerability was initially discovered in Minecraft (a Java based game).

    This communicative bit of code is found in many different programs, which is why it could be devastating if it was widely exploited. Hackers would be able to send a message to the “Log4J” effected product giving it commands. This would essentially allow them to take over the device and have full access.

    Minecraft Isn’t the only thing based in Java either, Java is an extremely popular programming language and bits of it can be found in almost everything. Created in 1995, Java can be found on everything from your own personal laptop to the supercomputers used to solve complex scientific equations. 9937 companies openly report including Java in their tech stack, including Google, Airbnb, Amazon and more.

    Java is also the preferred language for mobile applications, such as Android. Any business interested in having a mobile facing application (which they absolutely should considering mobile devices command the highest percentage of the worldwide web traffic at 54.8%) will need to utilize Java to accomplish it.

    This is so much to say, Java is in nearly everything which makes an exploit that targets a common component of it a recipe for disaster.

    All is not lost however, now that the exploit has been discovered many businesses are working furiously on patches and notifying their customers. You can check the CISA link found at the beginning of this article to keep track of what’s being done by specific businesses.

    Click to open the full size version.

    This ordeal is a good reminder to stay up to date on patches that are offered by the software you utilize, but if you’re running a business, orchestrating patching across many different devices company wide can be much more difficult.

    Valley Techlogic offers preventative maintenance in all of our service plans, as well as disaster recovery services if the unthinkable does occur. Learn more today by scheduling a short consultation with us.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Have a Dell laptop or computer? This vulnerability is one to watch out for.

    Have a Dell laptop or computer? This vulnerability is one to watch out for.

    Vulnerabilities that can broadly attack major systems or specific retailers are especially problematic. Many of these vulnerabilities are quietly patched before you’re even aware there was a problem but sometimes things can fly under the radar for a while.

    Such is the case in an affected Dell driver that has been pushed out to machines for the last 12 years. It was recently discovered this driver can allow bad actors to possibly gain more access to the affected Dell systems. It’s estimated hundreds of millions of Dell computers, laptops and tablets could have the affected driver and be at risk.

    While it’s not considered critical at the moment because the affected computers would already have to be compromised in some way for it to be used, it’s still problematic because it could make removing malware or other system infections more difficult. These drivers would potentially allow them unrestricted to the affected machines in the event the user is hacked.Tech News #9

    There are currently no recorded cases of this exploit being used, however now that it’s been made public that may change. Researchers have held back the details of the exploit to allow users time to patch, and Dell has issued a security advisory regarding the driver. However, they have not as of writing revoked the affected driver.

    This is another reminder as to the importance of maintaining updates on your machines. Even with security measures in place, no system is perfect. Vulnerabilities can be discovered years later with varying levels of severity. By maintaining patching, you won’t be caught off guard or risk having your machines exploited by a vulnerability.

    Here are 5 patching best practices:

    1. Automate. If you can, automate the process. Schedule your patches to happen at a time you won’t be busy working on your computer.
    2. Plan your approach. If you’re managing patching for your business, you want to plan how you’ll approach patching company wide. It may be prudent to patch overnight or patch in waves if your business is open extended hours.
    3. Test patches. Test patches on a single machine before rolling them out company wide, sometimes patches can create problems that might necessitate a rollback and that might hinder your business if everyone in the office is down.
    4. Maintain patch levels. The last thing you want to do is fall seriously behind on patches. Patching will be a lengthy process as you try and catch up, and your machines may be left vulnerable in the interim.
    5. Get Help If You Need It. Patching your home machines is a fairly straight forward process usually but patching from a business perspective can have many intricacies beyond just “apply patches”. When in doubt, leave it up to the professionals.

    If you need help with patching or the myriad of other items that keep your office machines in tip top shape and safe from malware, Valley Techlogic is here for your business. You can schedule a free consultation here.

    Looking for more to read? We suggest these tech articles from the last week.

    This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.