Log4j Vulnerability is Almost Guaranteed to Impact Your Business

a man in a hooded sweatshirt typing on a keyboard

The major Log4j vulnerability has a widespread impact across various technology. We can’t stress how serious this is, and your business needs to take action right away.

What is Log4j?

We’ll keep it simple; programmers can utilize different programming languages when creating software. One of these languages is called Java, and in Java, programmers have “libraries” of instructions to work with. Log4j is one of those libraries.

A severe vulnerability has recently been discovered in the Log4j library that cybercriminals can exploit to gain access to your systems and data. It leaves your business and your information wide open to the world.

This particular Java library is pretty standard and is used in many applications and systems. It’s been used by some pretty popular products and services from some big names, like:

  • Amazon
  • Apple
  • Cisco
  • Fortinet
  • Google
  • IBM
  • Microsoft
  • SonicWall
  • Sophos
  • VMware

…as well as others, large and small. Even the United States’ Cybersecurity and Infrastructure Security Agency (CISA) is affected.

Could The Log4j vulnerability impact my business?

The chances are pretty high that your business uses some software that utilizes Log4j, making it susceptible to vulnerability. We can’t stress enough that this affects the big guys in the list above, but everyone uses their software.

The risks are incredibly high, too—with the vulnerability just coming to light, cybercriminals are going to start exploiting it. This is called a Zero-Day vulnerability, and it’s a ticking time-bomb.

How Can My Business Be Protected from Log4j?

You need to apply your security patches and updates and ensure that the software you use—all of the software you use—is getting support from your vendors. Suppose you are using software that is no longer supported or no longer gets updated. In that case, you’ll need to audit that system to determine if it is affected by the vulnerability or not. We recommend setting up an appointment to have your entire network audited. You can get this started by giving us a call at PHONENUMBER.

The problem is, as a user, you can’t tell if a website or piece of software is using this particular Java library.

Everything Just Got a Little Riskier, So It’s Up to You To Protect Yourself

Since this vulnerability is so widespread, it’s likely to have a lasting impact across all technology for years. It’s more critical than ever to use vital password hygiene. “Password123” isn’t going to cut it anymore. Everyone needs to start using strong passwords and use unique passwords across every single website and account they use. Otherwise, when one system is breached due to this vulnerability, cybercriminals will be able to use the passwords they stole from one account to get into others. This involves following the primary password best practices that we always talk about, like:

  • Using a unique password for each account and website
  • Using a mix of alphanumeric characters and symbols
  • Using a sufficiently complex passcode to help with memorability without shorting your security
  • Keeping passwords to yourself

Audit your IT TODAY

You need to protect the interests and information of your employees and customers. We recommend contacting a professional and having all your technology reviewed and updated.

Give AE Technology Group a call at (516) 536-5006 to schedule an appointment. Don’t wait for the Log4j vulnerability to blow over—it’s going to be a dangerous situation for companies that don’t take action.

The Major Takeaways from the Big Facebook Outage of 2021

Switching off Facebook. Silhouette of person hands disconnecting plugs, symbol of Facebook global outage

Unless you live under a rock and somehow missed it, Facebook experienced an outage, an inconvenience that kept users from accessing its services all over the world. Perhaps to your surprise, the real ramifications of this outage have nothing to do with people not being able to share pictures of their cats or yell at each other in the comments.

Let’s take a look at the event and what your business can learn from it.

The True Scope of the Outage Went Far Beyond Facebook

The fact of the matter is that not only was Facebook impacted, but so too were the other services it has acquired over the years, including an unlaunched web operating system called Parakey back in 2007 and the CRM platform Kustomer in 2020. Rest assured, Meta (the company that Facebook is owned by) also owns other services that were affected by the outage.

The big issue is that businesses relying on Facebook and its other applications were also impacted by the outage. WhatsApp, for example, is a VoIP and messaging application used by many organizations, so if Facebook goes out, then it stands to reason that this would create problems for any companies that rely on it. It’s the same case for any service that uses Facebook as its login credential. Users simply were not able to use these services during the outage.

You can see how one outage can set off a chain reaction and create problems for countless organizations around the world. It just goes to show that you can’t always rely on one particular solution or service for all of your needs.

Your Company Needs a Backup Plan

If some businesses were crippled by the Facebook outage, then imagine what would happen in the event of a Google or Microsoft outage. Granted, you could be using a solution that is not affiliated with either, and that could go down just as easily. It’s safe to say that no business is immune to this challenge, so you must do what you can to prepare for it.

The key to solving this dilemma is to use the business continuity planning mindset to your advantage. With business continuity, you are actively preparing for your business to not have access to assets that allow it to function. In other words, you should have a contingency plan in place, and your employees need to be able to make the shift regardless of where they happen to be working. If you can make this happen, then you’re in a good spot.

We Can Help Your Company Prepare for Any Kind of Disaster

There is so much that can go wrong for your business, especially where data and access are concerned. Let the professionals at AE Technology Group put your minds at ease with our managed services. To learn more, give us a call at (516) 536-5006.

How the Semiconductor Shortage is Influencing Supply Chains

In a Secure High Level Laboratory Scientists in a Coverall Conducting a Research. Chemist Adjusts Samples in a Petri Dish with Pincers.

You may have noticed the recent price increase for consumer and business electronics, and it’s all caused by issues related to the global semiconductor shortage. How have these supply chains, stable for so long, been dealt such a severe blow to the point where acquiring new computers and networking equipment is so challenging? Read on to find out.

The Law of Supply and Demand

In 2020, as COVID-19 forced the majority of businesses and organizations to shift to remote operations, the global demand for new computers skyrocketed. 2021 has not been much better. While this looks like a great benefit for the semiconductor industry at first glance, that is only half of the equation. The industry may have seen its sales expand to nearly half a trillion dollars over the past year, but at what cost?

When the supply chain cannot keep up with demand, it is natural that the supply will eventually run dry. When you compare this immense demand to the PC market in previous years, you might start to see why such a shortage exists. The stagnation in the PC market coupled with the increase in demand for these devices, as well as other electronics and the greater need for cloud computing, led many industry professionals to forecast increases of another 12 percent in 2021 to $511 billion.

As a result of this massive bump in demand, the industry simply was not prepared for the influx of sales and, thus, could not keep up with it. The shortage itself began in the second quarter of 2020, and its effects have been felt by manufacturers, retailers, and businesses alike.

The Greater Ramifications

The semiconductor shortage doesn’t only impact computers and smartphones; it is causing ripples all over for any devices that require them. One notable example is the automotive industry, which has experienced several halts in production due to the chip shortage.

On a greater scale, the electronics industry has had to make several hard choices related to hardware simply because the pieces required to make their devices are not available in the needed quantities. As you might imagine, this shortage has a considerably larger impact on smaller organizations, as large-scale manufacturers have the advantage of more capital to invest in buying up the remaining stock.

How This Affects Your Business

It might not be clear how this semiconductor shortage will affect your business, but what is clear is that people with an understanding of this industry are not holding their breath expecting the issue to resolve itself. Businesses, in particular, will need to keep their eyes on the market for any signs of recovery, as the need for new hardware and increased data processing capacity will drive the demand for semiconductors until the shortage recedes.

It’s likely that businesses will see increased prices for the foreseeable future–at least for the next four to six fiscal quarters, or until the supply chain is able to recover and fulfill demand. AE Technology Group will keep an eye on this situation so we can best serve our clients. After all, we want to help you get the best resources at a reasonable price. If you have any questions or concerns about this semiconductor shortage, AE Technology Group is happy to help. To learn more about how we can help you navigate this situation, reach out to us at (516) 536-5006.

BlackRock Trojan: Aggressive Viral Menace For Android Device Users

blackrock trojan aggressive viral menace for android device users

A new attack on android applications known as the BlackRock trojan has already targeted over 300 applications on the android operating system, including banking, social media, and dating applications. Any application with payment features, which is most nowadays, has been targeted and users credit card information has been compromised. How does this all work though, and what implications will it have for the future of the android operating system?

The Mechanics of BlackRock

The essential approach that BlackRock takes to get access to your information is it sends out a false Google Update and requests accessibility privileges. After it is granted these privileges it develops its own autonomy and no longer needs further interaction from the user to operate, it does this through granting itself further permissions afterwards. 

Some abilities BlackRock has, are traditional of trojan attacks, and some are quite problematic. It can collect device information, it can perform overlay attacks, but even more concerning, it can prevent antivirus software and even prevent uninstalling, leading to a longer lifespan than most hacks and more damage being done to your device and more of your information being compromised.

The Network and History of BlackRock Malware

Information from the site ThreatFabric has concluded that BlackRock is based on banking malware known as Xerxes, which itself is a version of Lokibot malware, discovered in 2019. Lokibot is part of an underground network of rented malware which circulated in 2016 and 2017. What really caused it to be a ubiquitous problem is when the source code got leaked. 

Android tried to get out in front of the older malware by pushing their newer devices which, with their new hardware, had a natural adaptation curve for implementing the attacks on the new systems. This, unfortunately, didn’t last long. In 2018, MysteryBot dropped, which was an update on the Xerxes system to work with new Android systems. 

The ancestral history of BlackRock is inundated with Lokibot variants. Parasite was a brief problem, although after disappearing from the malware space, Xeres was the direct parent of BlackRock, with the former appearing in 2019 and now, here in 2020, we have BlackRock.

Top Apps That Have Been Threatened

Numerous applications have suffered the injection and compromise of BlackRock, but the most notable are:

  • Gmail
  • Google Play
  • Netflix
  • Wells Fargo
  • Twitter
  • Instagram
  • Facebook

Many others have been targeted as well, leading to an entire suite of applications being at risk. Millions of users could have been affected and had their financial and contact information now in the hands of hackers, which could be numerous themselves seeing as the above mentioned malware network is vast and diverse.

Implications for Android

Android, being a more open operating system, runs the risk of more of these said attacks if they don’t take a new approach to how they monitor their application base. Two futures exist for android after this latest breach.

One, they stay with the same approach they have now and hope that they can rely on a numbers game, praying that the majority of their apps stay solid with their own individual protection protocols, and hoping the majority of their users stay safe.

The other is they radically change how they monitor their operating system, implementing much more rigorous analysis of their potential apps and making the approval process contain much more scrutiny in their security requirements. 

Either way the future for android will remain risky if they simply ignore the growing underground network of malware. They desperately need to engage in research of this growing corner of the hacking world if they have any hope of maintaining a safe and secure user base.

Get more news, tips and tricks at our blog here.

Phasing Out 32-Bit Windows 10 Support Starting with OEMs

starting with oems phasing out 32 bit windows 10 support 2

Microsoft has recently announced they plan to phase out support for the 32-bit version of their Windows 10 operating system. This recent change will arrive in their May 2020 (version 2004) release. At least initially, this phase out is intended only for their OEM (original equipment manufacturer) devices.

Phasing out their 32-bit version is simply a sign of the continual progress and expansion that tech companies embrace as they seek to provide more capable and more powerful technology devices for their user base.

Their Statement

Microsoft’s official statement regarding the phase out advises that beginning with the 2004 version of the Windows 10 operating system, all builds will be required to only use their 64-bit version for OEM distribution. Microsoft goes on to pledge continued support for anyone who still uses the 32-bit version of their OS by continuing to release security and feature updates for the 32-bit devices.  

The Impact

Fortunately the impact of the phase out at least initially, is minimal. The 32-bit version of Microsoft’s Windows 10 operating system compromises only a very modest .20 percent of their overall customer base for this specific operating system. The overwhelming majority of Windows 10 users are already using the more robust 64-bit version of the OS. Of course, whenever a phase out occurs it is usually indicative of further reductions down the road. Eventually, Microsoft will likely phase out 32-bit versions altogether, although it remains to be seen how slowly or how quickly that may occur. 

Why the Change?

In terms of internal processing power, more is always better and there is simply an increased demand for 64-bit operating systems. Compared with the 32-bit version of Microsoft’s OS, the 64-bit version can handle more data at a time and it’s capable of storing more computational values, including memory addresses. With users demanding more and more service from their devices, 64-bit operating systems are easily more suited to keep up with demand. This increase in demand is also reflected in the software applications that developers create. A software app that takes advantage of the additional computational power associated with a 64-bit version of an OS delivers more value to their users.

Another reason why Microsoft decided to phase out their 32-bit version is that it’s always less complicated for operating system manufacturers and related parties to streamline the number of architectures they support at any one time. By streamlining OS versions, it allows those who develop Windows-based compatible software applications to avoid potential issues and development conflicts. Focusing on one architecture allows software application creators to target their efforts on adding real value to a single platform.

The Good News

For those users who want to embrace changes as technology moves ever onward, it is possible for those with the 32-bit version of Windows 10 to install the 64-bit version as long as their internal processor supports the transition. The benefits of doing so of course, will include a machine that is able to process information at a faster speed, thus increasing the responsiveness of the device. Any device that is more capable and runs faster is always a welcome improvement.

For those who have their reasons for wanting to remain with the 32-bit version, at least in the near future it is likely that manufacturers have at least some 32-bit versions remaining in stock. How fast that stock will become depleted is anyone’s guess. If you would like to know more about Microsoft’s phase out plan for their 32-bit version of Windows 10 or how to switch from their 32-bit to the 64-bit version, please contact us.