A new zero-day exploit has been discovered which could easily disrupt the services of several major online platforms such as Twitter, Minecraft and Steam.

The vulnerability, which has been named Log4Shell, was recently discovered by LunaSec’s security researchers. It was first located within the Minecraft platform, which is operated by Microsoft, and has since been found in many other online services. The exploit was found in an open source logging utility known as Apache Log4j, an essential tool which is necessary in most Java-based apps and servers. It’s estimated that thousands of companies are likely to be at risk due to this vulnerability.

Vulnerabilities remain a major threat for every organization that employs an IT infrastructure, so we’re going to take a closer look at Log4Shell to see what lessons can be learned.

How Does the Log4Shell Vulnerability Work?

Log4Shell is known as a zero-day exploit and this means that it’s a natural vulnerability, likely due to an oversight on the original coders, which has been discovered but not yet patched. Hackers are determined individuals and are constantly focusing their efforts on analyzing software for vulnerabilities. Once a vulnerability is discovered, hackers can take advantage of it and, for example, gain unauthorized access to web servers. And, if like Apache Log4j, it’s a widely used utility, the hackers can replicate this attack against numerous organizations.

Web monitoring services have detected that around 100 hosts are actively scanning the internet to identify services which are running Apache Log4j. This scanning process is automated, so it can be left running continuously. Once platforms running Apache Log4j are identified, hackers have a relatively easy victim in their sights. All it would take is for the exploit to be taken advantage of and, very quickly, the hackers would be able to move deeper into the IT infrastructures of some major online businesses.

Protecting Yourself Against Vulnerabilities

Vulnerabilities such as Log4Shell are, unfortunately, inevitable due to the complexity of building software. Open source software, in particular, is difficult to police once it has been released and, of course, human error means nothing will ever be 100% secure. No specific damage has, as of this time of writing, been associated with the Log4Shell exploit, but the number of individuals at risk is very concerning. Thankfully, Apache have quickly developed a security patch for Log4j which will counter the vulnerability once it is installed.

The key takeaway from the Log4Shell vulnerability is that security patches are crucial. These need to be installed as soon as possible to mitigate any potential security breaches. However, there are other steps you can take minimize your risk:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Java_ai

Most systems today need to run Java occasionally. With the Java 7 end of life approaching, learn why it’s important to migrate to Java 8 to stay protected.

Oracle has supported Java SE 7 for 11 years now, however, with new developments on the latest version to support current and future technological developments, it has reached its end of life.

As of April 2015, Oracle will cease to provide updates for Java 7, which also includes discontinuing downloads for this version from their websites.

The good news is that existing customers are entitled to have continued support for any given security fixes or critical bug issues, including long term maintenance for Java 7 and older versions. All this will be available from Oracle’s Java SE Support team. However, it’s best to migrate to the latest version.

Oracle has also included an auto update feature since their January update to help migrate systems from Java 7 to 8.

Why migrate to Java 8?

Java 7 security updates will no longer be made automatically, making any systems running this version vulnerable. We strongly advise all users to switch to Java 8 for continued feature updates and to further close vulnerability exploits. Since vulnerabilities are likely to lead to exploits, its important to secure  your computer when browsing the internet on Java based websites.

Java exists to help applications and websites run correctly, which is fantastic. Being dependent on this component can lead to problems. With unpatched or outdated versions of Java, hackers can take advantage of using web browsers to serve up malware by exploiting its vulnerabilities.

By not maintaining frequent Java updates, this only serves to invite attackers to exploit your web browser and computer.

How to update Java and stay protected

Ophtek managed services clients are automatically updated.  Follow these steps to update Java manually.

Here are more detailed steps on how to install Java updates. Although the Java version shown in this tutorial is older, the method to install and update are still very much the same.

Remember that it’s worth spending a few minutes updating Java on your systems to lock them down from any possible future attacks.

For more ways to protect your office data, contact your local IT professionals.

Read More


java_tech

Java is required by many applications and websites to work properly. It can also be exploited by criminals.  Here’s why you should keep your java up to date.

Many business users need it to run custom or legacy applications. Java is not just for gamers. It is used by countless business applications.

Java Security Risks

As recently as January, hackers were able to exploit a security hole in Java to serve up malware to hundreds of thousands of systems per hour.

It is because of these security holes and many others that Java must be updated frequently.

Java often uses your web browser to access websites, and your web browser is the most vulnerable attack surface for hackers. Therefore, not updating Java religiously is playing with fire.

 How to Update Java

First, find out if you have the latest version here.

verify-java-version

Click the red Verify Java version box to allow Oracle’s website to find out if you have the latest version installed. If you are given a prompt stating Allow the Java plugin for your browser, click to allow it.  Next, another prompt will likely appear as shown below:

run-java-test

Click Run to allow the application to run. If you have reached this stage, you have Java, though not necessarily the latest edition. If you have the latest Java, you should get a window telling you Congratulations with an accompanying green check. If you don’t have the latest Java, you should see a screen that looks like this:

outdated-java

Click Click Download Java Now to get the latest version of Java.

agree

Click the red Agree and Start Free Download to get the newest Java for your system. The progress of the download should appear at the bottom of your browser. It will finish when no time appears next to the download.

java_install_c1

Click the .exe file to kick off the installation. You should promptly close your browser to avoid any roadblocks or conflicts.

Vista_Java_Install_2

When the security  warning appears, click Install to permit the latest Java to be installed.

install-java-silently-update-26-01

On the Welcome to Java screen, click Install again to allow the installation to proceed.  At some point during the installation, you will see the following window:

ask

At all costs, do NOT check the Install the Ask Toolbar and make Ask my default search provider option. The Ask Toolbar is completely unnecessary and makes your computer more vulnerable to infections. Click Next to allow the final steps of the installation.

download

After the green progress bar reaches the end, you will be directed to Oracle’s website where you will again see the following:

verify-java-version

As before, click the red Verify Java version button. Once again you should click Allow to enable the website to see what Java version you are running. Also, click Run in the following window to enable the test.

run-java-test

If you have the latest Java, you will see the following window:

congratulations

If the website still tells you your Java is outdated, go through the earlier steps starting with Download Java. If you have already downloaded and installed the latest Java and you get the outdated message, simply closing and reopening your browser will often correct the problem. Go back to Oracle’s website to verify your Java version.

For more about Java or other security issues affecting your home or office computers, consult with your local IT professional.

Read More