Notes
Notes - notes.io |
TrustedSec CEO David Kennedy stated that while it will take several years to correct this, hackers will be on the lookout... every day [to exploit it]." "This is a huge security risk for businesses."
Here's the information you should know:
What is Log4j and why is it important?
Log4j is among the most popular logging libraries used online, according to cybersecurity experts. Log4j offers software developers a way to build an account of their activities to be used for a variety of reasons for auditing, troubleshooting and data tracking. The library is free and open source, so it can be used across all areas of the internet.
"It's ubiquitous. Even if you do not use Log4j directly as an author, you could still be running vulnerable code because the one open source library you are using depends on Log4j," Chris Eng of cybersecurity firm Veracode said to CNN Business. "This is the nature of software it's turtles all the way down."
The software is used by corporations such as Apple, IBM and Oracle, Cisco, Google, Amazon and Cisco. It could present on popular websites and apps, and hundreds of millions of devices that use these services could be susceptible to the vulnerabilities.
Are hackers exploiting it?
According to cybersecurity firm Cloudflare the hackers appear to have had more than a week to exploit the flaw in the software before it was revealed. With such a high number of hacking attempts happening every day, some are worried that the worst is yet to be to.
"Sophisticated and more experienced threat actors will find a way to really weaponize the vulnerability to get the greatest benefit," Mark Ostrowski, Check Point's head of engineering told reporters on Tuesday.
Late on Tuesday, Microsoft said in an update to a blog post that state-backed hackers from China, Iran, North Korea and Turkey have attempted to exploit the Log4j flaw.
What makes this security flaw so dangerous?
Tiara
Experts are particularly worried about the vulnerability due to the fact that hackers could gain access to a company's computer server, giving them access to other components of a network. It's also extremely difficult to identify the vulnerability or determine if a system has already been compromised according to Kennedy.
A second vulnerability was discovered in Log4j's software late Tuesday. The Apache Software Foundation, a non-profit organization that has developed Log4j as well as other open-source software, has released security patches for businesses.
What are the strategies employed by companies to address this issue?
Last week, Minecraft published a blog posting announcing that a vulnerability had been discovered in a particular version of its game -- and quickly released an update. Other companies have taken similar steps.
US warns that hundreds of millions of devices are at risk of being affected by a newly discovered software vulnerability
Customers have received alerts from IBM, Oracle, AWS, Cloudflare, and AWS. Certain companies push security updates, while others detail their plans for future patches.
"This is a very serious bug, but it's not something you can press a button to patch it like a standard major vulnerability. It's going to require lots of time and effort," said Kennedy.
For transparency and to help reduce confusion, CISA said it would set up a public website that will provide updates on which software products were affected by the vulnerability and how hackers exploited the vulnerabilities.
What can you do to ensure your security?
The burden is on businesses to take action. For now, users should ensure that they update their devices, software and apps when they receive prompts from companies in the coming days and weeks.
What's next?
The US government has issued a warning to affected businesses to be on guard during the holiday season for cyberattacks and ransomware.
There is a concern that malicious actors could exploit the vulnerability in new ways. While large tech companies might have security teams in place to deal with the potential threats, many other organizations don't.
"What I'm most concerned about is school districts, hospitals and other places where there is a single IT person who is responsible for security, but does not have the security budget or the tools," Katie Nickels, Director Intelligence at cybersecurity company Red Canary. "Those are the companies that I am most concerned about - small organizations with low budgets for security.
Here's my website: https://tiara.info/
|
|
Notes.io is a web-based application for taking notes. You can take your notes and share with others people. If you like taking long notes, notes.io is designed for you. To date, over 8,000,000,000 notes created and continuing...
With notes.io;
- * You can take a note from anywhere and any device with internet connection.
- * You can share the notes in social platforms (YouTube, Facebook, Twitter, instagram etc.).
- * You can quickly share your contents without website, blog and e-mail.
- * You don't need to create any Account to share a note. As you wish you can use quick, easy and best shortened notes with sms, websites, e-mail, or messaging services (WhatsApp, iMessage, Telegram, Signal).
- * Notes.io has fabulous infrastructure design for a short link and allows you to share the note as an easy and understandable link.
Fast: Notes.io is built for speed and performance. You can take a notes quickly and browse your archive.
Easy: Notes.io doesn’t require installation. Just write and share note!
Short: Notes.io’s url just 8 character. You’ll get shorten link of your note when you want to share. (Ex: notes.io/q )
Free: Notes.io works for 12 years and has been free since the day it was started.
You immediately create your first note and start sharing with the ones you wish. If you want to contact us, you can use the following communication channels;
Email: [email protected]
Twitter: http://twitter.com/notesio
Instagram: http://instagram.com/notes.io
Facebook: http://facebook.com/notesio
Regards;
Notes.io Team
