
The Log4j Security Flaw Could Impact the Entire Internet: Here's What You Should Know

TrustedSec CEO David Kennedy stated that while it will take years to fix this issue, hackers "will be on the lookout... every day [to exploit it]." "This is a ticking bomb for companies."



Here are some of the things you need to be aware of:



What is Log4j and why is it important?



Log4j is among the most popular logging libraries online, according to cybersecurity experts. Log4j lets software developers keep a record of activity in their applications, which can be used for troubleshooting, auditing and data tracking. The library is free and open source, so it is used in all areas of the internet.



"It's ubiquitous. Even if you're a programmer who doesn't use Log4j directly, you might still be running the vulnerable code since one of the open source libraries you are using is dependent on Log4j," Chris Eng, the chief research officer of cybersecurity firm Veracode, said to CNN Business. Such is the nature of software: dependencies nested within dependencies.



The software is used by companies such as Apple, IBM, Oracle, Cisco, Google and Amazon. It is likely to be present in popular apps and websites, and many more devices around the globe could be at risk.



Are hackers exploiting it?



Attackers appear to have had more than a week's head start on exploiting the flaw in the software before it was disclosed publicly, according to cybersecurity firm Cloudflare. With so many hacking attempts happening every day, many are worried that the worst is still to come.



"Sophisticated, more senior threat agents will find the best way to exploit vulnerabilities to maximize gains," Mark Ostrowski (Check Point's chief engineer) told reporters on Tuesday.



Microsoft posted late Tuesday that state-backed hackers, including those from China, Iran and North Korea, tried to exploit the Log4j flaw.


What makes this security flaw so dangerous?



Experts are particularly worried about the vulnerability because hackers could gain access to a company's computer server, giving them access to other parts of a network. It's also difficult to identify the vulnerability or see whether a system has been compromised, according to Kennedy.



In addition, a third vulnerability in Log4j's system was found late on Tuesday. The Apache Software Foundation, the non-profit that developed Log4j and other open-source software, has issued an update to help secure organizations.



What are the strategies being employed by companies to tackle this issue?



Last week, Minecraft published a blog post announcing that a vulnerability had been discovered in a version of its game, and promptly released a fix. Other companies have taken similar steps.






IBM, Oracle, AWS and Cloudflare have all issued advisory notices to customers, while some are pushing security updates or detailing their plans for possible patches.



"This is a very serious vulnerability, but it's not as if you can click a button to patch it like a typical major vulnerability. It's going to require an enormous amount of time and effort," said Kennedy.



For transparency and to help reduce misinformation, CISA said it would set up a public website with information on which software products were affected by the vulnerability and how hackers exploited them.



What can you do to ensure your security?



The burden is on companies to act. Users should make sure that they upgrade their software, apps and devices whenever they are prompted by companies in the coming days or weeks.



What's next?



The US government has warned affected businesses to be on high alert for cyberattacks and ransomware during the holiday season.



There is a risk that a growing number of malicious actors will make use of the vulnerability in novel ways. While large technology companies may have security teams in place to deal with the risk, many other organizations don't.



"What I'm most concerned about is school districts, the hospitals and the places where there's a single IT person working on security but doesn't have the time or the budget for security or tooling," said Katie Nickels, Director of Intelligence at cybersecurity company Red Canary. "Those are the companies I'm most concerned about -- small organizations with small security budgets."

