ZenMate VPN Offers Full Protection
Against the Apache Log4j Vulnerability
The Log4j vulnerability known as Log4Shell has made waves in the cyber-security online space this past week.
The truth is, there have been reports of the vulnerability being used as early as December 1st. Still, it went by unnoticed because the severity of the exploit was until recently unknown.
The situation changed this past weekend when Log4j started making the headlines. After an attack on a Minecraft server, experts quickly realized that the vulnerability affects millions of apps and software services. That's because the source of the problem, Log4j, is used by so many companies worldwide.
The Apache Log4j Vulnerability Explained
Simply put, Log4j, tracked as CVE-2021-44228, is an open-source logging package as part of a project of the Apache Software Foundation.
It's built-in a lot of applications, and it records basic things like bugs and errors and performs lookups within JNDI (Java Naming and Directory Interface) to obtain services from LDAP (Lightweight Directory Access Protocol).
This practice is common for major app developers and companies like Twitter, Apple, Amazon, and many others. And Log4j does not represent a privacy or security threat if it operates as it should. Instead, the framework records app errors and helps developers debug the software.
The problem is, cyber-attackers discovered that when entering a specific syntax in text fields within apps that uses Log4j, it compromises the app and gives you access to their servers.
And instead of doing basic things as a user would, a cyber-attacker could install a crypto-miner, grow a botnet or export data from the server it accessed.
This vulnerability has a threat score of 10.0 out of 10.0. because of the ease of attack, its impact, and because ultimately, it affects so many apps and services.
And there's no easy fix for it. First, admins must update the apps and everything else they use Java. So, they must look at their entire infrastructure and find the parts they need to patch. Which, as you can imagine, is no small feat.
The Steps ZenMate Took for Your Protection
1. Our infrastructure team quickly implemented firewalls on all our VPN servers to block specific traffic associated with the Log4shell attacks.
This means no one can run the Log4j exploit to access our servers. So, no one can use our servers to perform an attack.
And we added protection from the common attacks, so no one can access your data if you're connected to the ZenMate servers.
2. ZenMate also blocks all LDAP traffic and the ports associated with the Log4j vulnerability to prevent exploits.
So, you can rest assured knowing that if you use ZenMate VPN, there are no extra steps you need to take to protect yourself from the Log4j vulnerability.
Our team took care of everything to secure your data and your devices. Just make sure your app is up to date to stay safe.
3. The ZenMate infrastructure team is closely monitoring the situation and keeping an eye out for any developments to update the apps as needed.
Luckily, after careful and comprehensive analysis, our team determined that ZenMate isn't running any applications that could be affected by Log4j exploit. As a result, no one can remotely access our infrastructure or other sensitive data.
We've taken the necessary precautions across our network to prevent our systems from being exploited.
Additional Steps You Can Take for Full Protection from Log4Shell
Unfortunately, since so many apps and services are being affected, it is impossible to avoid the Log4j exploit. So, it's up to you to stay safe until developers patch their apps.
Here are a few tips to help you get by until then:
1. Make sure you're always connected to a ZenMate server while you're online. We took preventive measures to guarantee you'll be protected from Log4Shell.
2. Make sure your apps are updated. Constantly check for new updates as developers are doing their best to patch the security risks posed by this exploit.
3. Update your router or firewall settings to block outbound traffic to ports associated with the LDAP protocol, like 389, 636, 1389, 3268, and 3269.
Your manufacturer's support team should be able to help you out with this. ZenMate already blocks this incoming traffic, but you can update your router as an extra precautionary measure.
Lastly, always check back with new developments and security measures regarding the Apache Log4j vulnerability. The situation is still unfolding, and emerging details can shed more light on staying protected.