The simplest of hacks…
Imagine being able to hack a server simply by pasting a block of text into a chat window. Well, that’s exactly what happened to the game MineCraft’s servers over the weekend. The newly discovered vulnerability is called Log4Shell and it exploits a previously unknown weakness is a common Java library used by thousands of servers around the world. The vulnerability allows an attacker to take complete control of the server using simple text inserted in a login field or other window, like a chat window.
Who’s vulnerable? Twitter, iCloud, even certain Microsoft applications, just to name a few. The truth is, Java is one of the most prolific programming languages used on servers, particularly internet servers, so the potential reach of this vulnerability is almost incalculable – potentially every single company. So you have a vulnerability that impacts almost every server and you need no hacking skills to be able to exploit it. That’s the reason why cybersecurity experts are sounding the alarm and many are calling this the most dangerous weakness we’ve seen in years.
What can you do about it? Application developers are actively issuing patches for this vulnerability. If you’re hosting your own servers or running your own applications, it’s a good idea to check if you are using log4j2. If you are, make sure you update the Java library immediately. For everyone else, make sure you run your updates this week – that includes checking the firmware on your firewalls and network switches. Virtually anything that has a log in process could be using this bit of Java code, and that means it needs to be updated.
For more information, read the details here: CVE – CVE-2021-44228 (mitre.org)
Stay on the lookout for holiday scams – fake delivery receipts are exceptionally popular right now, as are fake Amazon purchase emails.
If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.
For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for a weekly HIPAA Security Reminder to help stay compliant.