Massive NEW Hack WARNING & Stocks | Log4J

this video is brought to you by

wealthfront check out their link down

below hey everyone me kevin here

yesterday crypto prices went insane on

coin market cap where all of the prices

seem to be multiplied by like 15 to 9

million which was insane everybody felt

like they were a trillionaire you had

this same issue then show up on binance

which potentially makes sense because

binance owns coin market cap after all

but you also saw the issue show up on

crypto.com other apps and even coinbase

and coinbase pro where they had to start

basically removing the appearance of

coins from people's profiles to prevent

them from thinking that they can sell

and become trillionaires folks this is

maddening the crypto disaster of

yesterday was crazy but there is also a

crazy vulnerability that exists in our

internet ecosystem right now that could

end up proving jerome powell right today

a lot of folks are going to be talking

about jerome powell but they're going to

forget what jerome powell says the

biggest vulnerability in america is and

that's not terrorism it's not a banking

crisis it's not a financial crisis it is

cyber security and folks according to at

least one cyber security ceo this right

now what we are facing is the single

biggest most critical vulnerability of

the last decade and folks who knows but

maybe it had something to do with the

crypto glitch and disaster that we saw

yesterday in this video i'm going to

break down what the latest vulnerability

is and how software and apps that you

use including things like icloud tesla

steam and millions of other servers

servers not people could be affected by

let's get right into it so first

according to sis admins across the world

this is a cis admins worst nightmare why

because what we're experiencing is a

zero day vulnerability known as the log

for shell vulnerability and it has to do

with an exploit in the log for j or log

for java

essentially portion of apache and the

purpose of log4j is data logging for

java applications data logging is

exactly what it sounds like you wait for

a system to log events that have

happened you know this could be useful

for appliance banking troubleshooting

you name it makes sense so far right

apache contains a data logging utility

called log4j and that's used for java

and currently has this major

vulnerability the apache software

foundation is in fact the one who

acknowledges that this could affect

millions of servers a world wide twitter

cloudflare icloud steam you name it

cloudflare's c chief a security officer

joe sullivan goes as far as saying i'd

be hard-pressed to think of a company

that is not at risk and so started

taking a look at what the heck this is

and here's what we know well first a

message from our sponsor good long-term

investing doesn't have to feel like a

roller coaster you can't help but feel

beat up sometimes if you're trying to do

it all yourself in time to market

there's tons of data out there that

shows that investing in globally

diversified funds and portfolios of low

cost index funds is quite simply the

best way to steadily grow your wealth if

it sounds complicated don't worry it's

much easier than it sounds regardless of

your financial knowledge wealthfront

makes it easy affordable and accessible

to invest to open a new investment

account you just need 500 and a few

minutes of your time wealthfront handles

the rest for an annual fee of just .25

which is virtually nothing when you

consider the stress savings alone once

you open and fund your account

wealthfront software will manage all of

it for you it employs strategies like

rebalancing to keep you at a desired

risk threshold and it will even look for

opportunities to lower your taxes

through tax loss harvesting all done

automatically from general savings to

retirement accounts wealthfront has you

covered you can have wealthfront create

a portfolio for you based on your risk

tolerance or if you want you can build

it from scratch as well this is great

for those who want the benefits of an

automated investing platform with more

freedom so if you want to focus more of

your money into tech or evs or maybe

healthcare you can use wealthfront to

build a portfolio based on exactly the

sectors that you really believe in so

all you have to do is check out the link

down below go to

invest.wealthfront.com

meet kevin and learn more

we know that this vulnerability is not

only widespread but it's potentially

catastrophic it basically allows

attackers to remotely execute code on

other people's servers

so in the case of crypto in theory

somebody could remotely send a ping

essentially and i'm oversimplifying here

send a ping or a message to a server and

then have a server execute a total set

of code this is a very similar exploit

but it's different from the last time we

saw a major exploit like this and this

was heartbleed back in i believe 2014.

take a look at how heartbleed would work

and it shows you how bad this is

usual server response would be hey you

send a message server send me a four

letter word if you're alive it's like a

ping send me the word

bird if you're alive let's say server

replies with bird hey i'm alive i'm

online okay now malicious usage which is

similar slightly different but similar

to this log4j exploit okay watch how bad

this is okay

server send me this 500 letter word if

you are there and then all of a sudden

uh

you know rather than replying with the

word bird which is a four-letter word

the server replies with the following

bird server master key is the following

and the user wants to change their

password to blah blah blah blah blah in

other words giving somebody potentially

unrestricted access to servers this was

so bad that folks in minecraft were able

to send messages to other people

then

just by sending a message to somebody

else force a server to make changes on

their end allowing people in minecraft

to basically get hacked through this

glitch this is crazy i mean you can

remotely execute code basically on

somebody else's server just by sending

them a message this is bad and not a lot

of people are talking about it because

it's slightly complicated but i'm not a

tech expert and this just sounds bad

this folks is one of the biggest

vulnerabilities seriously that we've

seen since heartbleed heartbleed came

out in feb 2012 but wasn't patched until

april of 2014 because folks didn't

really realize it until 2014 because

then it started getting exploited these

these vulnerabilities can exist and they

become issues when they start getting

exploited it's worth noting that cyber

security form from crowdstrike recently

updated their blog and said that

crowdstrike has identified a malicious

java class file hosted on an

infrastructure database associated with

a nation state adversary so you're

already starting to potentially get

a terrorist sponsoring states using this

exploit very bad who knows the crypto

price changes we saw yesterday could

just be the tip of the iceberg we don't

know if these are related but it's just

worth noting massive crazy crypto glitch

yesterday

which is the day after this log 4j issue

started becoming a lot more known and

now we're talking about it the day after

and who knows this could just be the

beginning i mean uh aws with amazon just

sent out another alert that they're

having an outage it's it's ridiculous

but anyway this vulnerability is huge uh

and here's here's some important things

to keep in mind cyber security agencies

around the world including the united

states cyber security and infrastructure

security agency are issuing a lot of

alerts on this and it was actually

surprisingly alibaba's a cloud security

team who first disclosed this

vulnerability this vulnerability was

initially made public though not

popularized until the last couple days

here was initially made public on the

9th and basically users have been

instructed to update their servers uh to

a to a new version or reconfigure as

soon as possible but it's not as easy as

it sounds because if you're using older

versions of java you can't just upgrade

to log4j even if your java was up to

date an update could cause downtime

which cause it could cause compliance

issues or or just functionality issues

it's not that easy to just update and so

patching this has become a very big

issue and so this is where you actually

and this is potentially a stock to keep

an eye on though the valuation's a

little wild

look at a company like cloudflare so

cloudflare acts as kind of like a

bodyguard of the internet to try to

prevent these sorts of things from

happening i'll just

quickly depict how this could look so

let's say rather than fixing the issue

over here which obviously is the

ultimate goal

let's say rather than your server

communicating directly with the client

you had a bodyguard in between and it

was called cloudflare and so basically

when a client requests information from

your server it goes to cloudflare first

and then cloudflare gets the information

checks to make sure it's not extra

information and then ultimately says no

no no we're not sending all that we're

just going to send this and then

provides what's being asked so if you

get a company like cloudflare which does

a whole host of services this being one

example of them they do cdn services or

whatever as well they can actually stand

between the client and the server to

prevent these sorts of issues once

somebody gets into your server it's bad

bad bad days that's why this

vulnerability is a big big issue and

it's one of the things that's made me

appreciate the fact that not only is

cloudflare a seven-figure investment for

me so i just want to be very transparent

i do invest in the stock but and look

there are other cyber security companies

even crowdstrike honestly crowdstrike

has probably a better forward valuation

a crowdstrike has a forward pe to 2025

of 90. cloudflare has a forward pe of

353. now it's recently come down about

30 off of all-time highs it's performed

incredibly well uh they're expecting 39

year-over-year growth with 78 gross

margins crowdstrike is expecting

somewhere around 33 year-over-year gross

with 76 gross margins so these are these

are incredible companies but more

nascent technologies so you're paying a

lot valuation-wise for these companies

but these sorts of vulnerabilities

continue to reiterate to me gosh we

gotta we really gotta pay attention to

cyber security and i feel like it's just

it's not sexy yet because we're not

seeing the big big hacks yet but i think

personally we're starting to see the red

flags the red flags are the crypto

glitch we saw yesterday the aws outages

that we keep seeing the fact that

companies like crowds cloudflare can

stand in between servers and clients to

prevent these sorts of crazy issues

cyber security is is something that

people think of when you need it it's

kind of like you don't wake up thinking

about the cops every day but you know

they're there uh no i don't want to get

political about liking cops they're not

liking cops right but the point is you

like you expect the cops to show up if

you dial 9-1-1 right imagine if you

didn't have a 9-1-1 that'd be kind of

like being naked on the internet without

uh

cyber security firms so it doesn't have

to be these companies but i highly

encourage pay attention to cyber

security going forward for this next

decade because when jay pal says that is

the biggest risk we face and we're

seeing these massive sorts of

vulnerability that could give people

access to to basically any server across

the world it's no surprise that hacks

like what we saw with uh crypto are

happening or not necessarily hacks or it

could have just been a glitch but um i

get sussed out when i think that

okay it's just a glitch that'll excuse

me then all of a sudden sorry i get

allergic and i start coughing when i

think of all the bs that this isn't

actually a hack

anyway

why do i not think it's it's uh it's a

glitch i think it's not because why all

of a sudden are we getting some random

altcoin uh called cocos uh showing up at

the top of coin market cap as the number

one most uh substantial

cryptocurrency

and we see that despite it not even

lining up price wise uh with

uh with bitcoin or ethereum after the

glitch this is a token that's ranked 483

right now on coin market cap uh it's

down three percent today but i i'm just

a little sussed out when you see if see

things that kind of leave the

fingerprints or the breadcrumbs of a

hack

it kind of makes me start thinking about

cyber security now i could be wrong

about all this it's just my opinion

about this glitch we saw we know this

massive vulnerability exists and let's

just say i'm buying the dip on

cloudflare

okay full transparency out there if you

appreciate these sorts of videos please

consider checking out my programs and

building your wealth check out that link

down below for a wealthfront and folks

we'll see in the next one thanks so much

goodbye