Last week, we reported the Log4j Java Library Security Problem. Now we are informing you that the FTC Requires Businesses To Fix Log4j Java Security Issue.
Most people are aware of the Log4j Java issue. This is a serious flaw that Java logging can fix.
The United States Federal Trade Commission (FTC) has issued a chilling warning to anyone who hasn't yet addressed the flaw or protected themselves against it.
According to FTC, this statement reads:
"The FTC will use its legal authority to pursue those companies that fail to take reasonable steps to protect consumer data. Log4j and other known vulnerabilities are just a few examples.
Failing to fix these situations could lead to a violation under the FTC Act.
Log4j is one example of many structural issues. Log4j is one of many important, yet undiscovered open-source services that are widely used by many internet companies.
These projects are managed and often created by volunteers, who don't always have the time or resources to respond to emergencies and provide proactive maintenance. However, they are vital for the internet economy.
This overall dynamic will be considered by the FTC as it works to address security threats from users.
The FTC has made clear that they will not play with this issue. Equifax was fined $700 million in 2019 for customer data leakage.
The FTC clearly makes this threat possible. To avoid losing your track, make sure you install Long4j now. Keep an eye out for similar issues.
The FTC may impose harsh penalties that could send businesses reeling. Don't risk it. Keep your eyes peeled. It will be an exciting year. Integrated Technology Systems managed services will enable you to stay out of harms way. Call us today for a complete assessment of your network.
You should be aware of other issues
This malware steals passwords from popular browsers
A new threat is on the horizon. Even if you don’t know the name, this malware strain poses a serious threat.
RedLine is an information-stealing malware. It attacks popular web browsers such as Opera, Microsoft Edge, Chrome, and Microsoft Edge.
Many people trust their web browser to store and remember their passwords. RedLine has taken advantage and discovered a way to crack the browser so that passwords can be retrieved.
RedLine is not a problem that only one gang or group has. Instead, it is being sold via the Dark Web as a commodity. Anyone can buy a copy of this software for $200 USD and start harvesting credentials from others they infect.
While passwords saved in web browsers may be encrypted, RedLine programmatically encrypts them if both users log into the system as the same person. This is exactly what's happening here. RedLine runs as an infected user. This means that all passwords are accessible to the person controlling the malware.
Although it's convenient, having all your passwords stored in one place can prove dangerous. If you're determined to do that, the best thing to do is enable two-factor authentication on any websites that offer it. Hackers can't gain access to your accounts even if your passwords are compromised.
RedLine is being promoted via the Dark Web, so we can expect an increase in malware attacks over the next months. It's going to get worse before it gets better. Is it possible to stay safe? Give Integrated Technology Systems a call to find out.
Cellular Company: New Data Breach
Hackers around the world have been active preparing for the dawning of a new year. This time, a cellular company is the target.
The company recently stated that their accounting system was compromised. They sent data breach notice letters out to more than 400 affected people.
America's fourth largest carrier, US Cellular, is located in Texas. The attack appears to have been very limited in scope and magnitude, with a small sampling of customers being affected. For those not notified by US Cellular, this is a small consolation.
These were the words of company representatives about the incident
"US Cellular discovered a security problem in our billing system on the 13th December 2021. Unauthorized individuals accessed our account system and obtained access to wireless customer accounts that contained personal data.
Customers' accounts include information like name, address, and pin code. These accounts also contain information about wireless services such as usage, billing statements and details about service plans.
The CRM system hides sensitive information like credit card numbers and Social Security numbers. There is no evidence that someone has accessed your US Cellular Online account."
If you do not receive notification from US Cellular, it is likely that your account records have not been compromised. It may be necessary to reset your password. Be on the lookout for suspicious email messages that may be directed at you. You might become more vulnerable to being scammed by phishing emails after a while.