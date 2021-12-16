Here’s how to protect yourself from hackers right now, according to an urgent Google Cloud warning about an Apache Log4j vulnerability.

GOOGLE is advising users not to use Cloud Console because hackers may be able to take advantage of an Apache vulnerability.

The Apache Log4j 2 utility is a free Apache framework for logging requests.

On December 9, a vulnerability was reported that could allow systems running Apache Log4j version 2.14.1 or lower to be hacked.

According to Check Point researchers, attackers are attempting to scan the internet for vulnerable Log4j, with another 100 attempts to exploit the vulnerability every minute.

Hundreds of thousands of attempts to remotely execute code using the Log4j vulnerability were discovered, according to Sophos security researchers.

This is a common tactic used by hackers to exploit newly discovered vulnerabilities in order to maximize their chances of exploiting them before they are fixed.

Google said it will “actively monitor this event and provide updates to this blog post” in the future.

“Like many other companies, we’re keeping a close eye on this vulnerability.

A Google spokesperson said, “Our security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers.”

“We’re tracking real-time updates here at Google Cloud, and we’ll be updating this security advisory as we assess the impact,” says the company.

“We have successfully validated and deployed a new preconfigured WAF rule in Cloud Armor that will assist customers in detecting and blocking attempted CVE-2021-44228 exploits on their network.”

“The gravity of this threat cannot be overstated.”

On the surface, this appears to be aimed at cryptominers, but we believe it creates exactly the kind of background noise that serious actors will try to exploit,” said Lotem Finkelstein, Check Point’s director of threat intelligence.

Customers should upgrade to Log4j version 2.15.0 as soon as possible, according to Google.

Customers can mitigate the issue by setting the “No Lookups property (log4j2.formatMsgNoLookups)” to true if the upgrade can’t be completed quickly.

In addition to updating, Google Cloud Security products can assist in detecting and resolving exploitation issues until a patch is released.

Users should also use a vulnerability scanner to find issues reported by the National Vulnerability Database.

Cloud Armor can also help mitigate threats until a patch is applied.

Cloud Armor can be turned on via the Cloud Console, then Network Security, or via an API call.

