The Log4j Security Flaw Could Affect The Entire Internet Heres What You Should Be Aware Of

From World History
Jump to: navigation, search

TrustedSec CEO David Kennedy stated that while it will take years to fix this, hackers will be on the lookout... every day to exploit it." "This is a real threat for businesses."



Here's what you should know:



Log4j What is it and why is it so important?



According to security experts, Log4j is among the most popular online logging libraries. Log4j lets software developers create a record of activity that can be used for troubleshooting and auditing, as well as data tracking. The library is free and open source, so it can be used across all areas of the internet.



"It's ubiquitous. Even if you don't utilize Log4j directly as developer, you may still be vulnerable to malware because one open source program you use depends upon Log4j," Chris Eng of cybersecurity firm Veracode said to CNN Business. This is the way software works: It's turtles all down.



Companies such as Apple, IBM, Oracle, Cisco, Google and Amazon, all have the software. It could present on popular websites and apps and hundreds of millions of devices which access these services could be vulnerable to security vulnerabilities.



Are hackers exploiting it?



Attackers seem to have had more than a week's head begin to exploit the flaw in software before it was disclosed publicly by cybersecurity firm Cloudflare. With so many hacking attempts being made every day, many are worried that the most severe attack is yet to come.



"Sophisticated and more experienced threat agents will figure out ways to effectively exploit vulnerabilities to maximize gains," Mark Ostrowski (Check Point's chief engineer) told reporters on Tuesday.



Late on Tuesday night, Microsoft said in an update to a blog post that state-backed hackers from China, Iran, North Korea and Turkey have tried to exploit the Log4j vulnerability.



What makes this security flaw so dangerous?



Experts are particularly concerned about the vulnerability as hackers could gain easy access to a company’s computer server, giving them access to other parts of a network. Kennedy states that it is difficult to spot the vulnerability and determine if a system is already compromised.



In addition, a third vulnerability in Log4j's software was discovered late on Tuesday. The Apache Software Foundation, a non-profit that developed Log4j, and other open-source software, has issued a security patch for organizations.



What are the companies doing to tackle the problem?



This week, Minecraft published a blog posting announcing that a vulnerability had been discovered in a version its game. It promptly released a fix. Other companies have followed similar steps.



US warns that hundreds of millions of devices are at risk because of a newly discovered software vulnerability



Customers have received alerts from IBM, Oracle, AWS, Cloudflare, and AWS. Certain companies release security updates, while others describe their plans for possible patches.



"This is such a severe vulnerability, but it's not something you can press the button to fix it like a standard major vulnerability. It's going to require an enormous amount of time and effort," said Kennedy.



CISA declared that it would create an online platform that would provide updates on software products that are affected by the vulnerability.



What can you do to safeguard yourself?



The onus is on businesses to take action. For now, people should be sure to update their devices, software and apps when companies give prompts in the coming days and weeks.



What's next?



The US government has warned affected businesses to be on high alert for cyberattacks and ransomware during the Christmas season.



There is concern that an increasing number malicious actors are making use of the vulnerability in novel ways. And while big technology companies may have security teams in place to combat the threat however, many other companies do not.



"What I am most concerned about are schools hospitals, the areas where there is a single IT person who handles security but does not have a security budget or the tools," Katie Nickels, Director Intelligence at cybersecurity company Red Canary. "Those are the organizations I'm most concerned about -- small organizations with small budgets for security."

EXTREMECRAFT
Retrieved from "https://historydb.date/index.php?title=The_Log4j_Security_Flaw_Could_Affect_The_Entire_Internet_Heres_What_You_Should_Be_Aware_Of&oldid=2426459"