New Alert: The UK’s Online Safety Bill Hurts Internet Privacy: Signal App Might Walk

CyberGhost VPN Mitigates Security Risks Caused by Apache Log4j Vulnerability

We’re Protecting Our Servers from Apache Log4j Vulnerability

3 MIN READ | Last updated: Jan 21, 2024 | By

Table of contents
We’ve Added Extra Protection to CyberGhost VPN Servers
What We’re Doing Locally
All You Need to Know About Log4j Vulnerability
How You Can Protect Yourself

Here’s the news, Ghosties. You might have heard about the Log4j vulnerability recently. It made headlines in cybersecurity news and trended on Twitter.

Here, at CyberGhost VPN we’ve taken measures to protect our VPN servers of Log4j exploits. No user data or server data has been compromised.

Here’s what you need to know.

We’ve Added Extra Protection to CyberGhost VPN Servers

The Log4j vulnerability makes it easier for attackers to infect computers and servers with malware.

Our infrastructure team quickly reacted when we got wind of the zero-day in the Log4j Java library and implemented firewalls on all our VPN servers. These firewalls target and block specific traffic that’s associated with the Log4Shell attacks.

This means that no one can exploit the vulnerability to remotely access our servers, and no one can use our servers to perform an attack through the vulnerability. Despite the exploit, no one can access your data as long as you’re connected to one of our servers.

We are effectively blocking Lightweight Directory Access Protocol (LDAP) traffic and the ports associated with Log4j vulnerability. Since LDAP has Log4j functionalities integrated, it’s the safest way to prevent exploits.

So what does this mean for you? If you’re using our service, there are no extra steps or configurations you need to do. Our team handled everything server-side.

Our team will closely monitor the situation and keep an eye for any developments that would warrant any client-side modifications. You would see this as an app update with no effects on your VPN usage.

What We’re Doing Locally

After a thorough investigation, our team determined that our codebase isn’t affected and isn’t vulnerable to such exploits. No one can remotely access our infrastructure or other sensitive data.

We’ve taken the necessary precautions across our network to prevent our systems from being exploited. Our teams will continue to monitor the situation closely.

All You Need to Know About Log4j Vulnerability

Apache Log4j is a commonly used logging package for Java. Think of it as a library. With the help of Log4j library, the app you’re using can create and save log reports, like an error report when your app doesn’t open properly. Developers use these logs to check for potential bugs or areas to improve.

This is common practice and doesn’t pose a risk to your privacy.

But with the Log4j vulnerability, an attacker can get a vulnerable application to create a log with a certain type of content. For example, the attacker could create a log that’s saved locally on your device.

Here’s where the Apache’s main feature comes into play. The log4j library is also able to retrieve additional log content from another server.

This means that the attacker could effectively retrieve log data remotely from the servers of the app you’re using, like for example Apple services. Now the cybercriminal can upload malware onto the server, which would in turn load and execute locally on your device.

Log4j is effectively integrated into the internet’s infrastructure, so it’s no wonder companies like Twitter, Apple, Amazon, and many, many others are also at risk. Cloud services could likely be most affected.

For example, the exploit was first demonstrated in Minecraft, when the malicious actor just needed to send a message in the chat and gained access to Minecraft’s servers.

Many online services and apps rely on Apache Log4j, so you’ll need to keep an eye out for any unusual activity.

If you feel like checking out all the technical details, see remote code execution vulnerability CVE-2021-44228 on MITRE.

How You Can Protect Yourself

As long as you use any apps or device that uses the Java framework, cybercriminals can exploit this vulnerability. Until an official patch comes out, you need to be proactive and take preventive measures.

  1. Always surf online with CyberGhost VPN on. Our protective layer helps mitigate the risk of an attack.
  2. Check all your apps for security updates. They’ll likely contain a patch to protect your data and devices.
  3. Update your router or firewall settings to block outbound traffic to ports associated with the LDAP protocol, like 389, 636, 1389, 3268, and 3269.

If you need any help with the third step, don’t hesitate to reach out to the manufacturer’s support team.

If your organization relies on Log4j, make sure to update to the most recent version of the library, and follow Apache Log4j guidelines.

Author Adina Ailoaiei

No matter if it's social media channels or blogs, Adina stays up to date with all security-related matters and aims to help fellow Ghosties protect their privacy.

Follow me

Leave a comment

Alissa Fernandez

Posted on 16/02/2022 at 16:35

Hi I have a NETGEAR R7000P router how I setup to the router and what I suppose to do ?

Reply

Adina Ailoaiei

Posted on 17/02/2022 at 10:07

Hi Alissa. Please get in touch with our 24/7 support team for more information on routers.

Write a comment

Your email address will not be published. Required fields are marked*