TrustedSec CEO David Kennedy stated that while it will take years to fix this, "attackers will be looking... every day [to exploit it]." "This is a huge security risk for businesses."
Here is what you should know:
What is Log4j and why is it important?
According to security experts, Log4j is one of the most widely used logging libraries online. Log4j lets software developers create a record of activity that can be used for troubleshooting, auditing and tracking data. The library is free and open-source, so it can be used in all areas of the internet.
"It's ubiquitous. Even if you don't use Log4j as a developer, you could still be running vulnerable code because the one open source library you use depends on Log4j," Chris Eng of cybersecurity firm Veracode told CNN Business. "This is the nature of software: It's turtles all the way down."
The software is used by businesses like Apple, IBM, Oracle, Cisco, Google and Amazon. It is likely to be present in popular websites and apps, and hundreds of millions of devices across the world could be susceptible to it.
Are hackers exploiting it?
According to cybersecurity firm Cloudflare, hackers are believed to have had more than a week to exploit the flaw in the software before it was disclosed. With so many hacking attempts happening each day, some are worried that the most severe attack is still to come.
"Sophisticated and more experienced threat actors will find ways to exploit the vulnerability to make the most benefit," Mark Ostrowski, Check Point's director of engineering, said on Tuesday.
Late Tuesday, Microsoft said in an update to a blog post that state-backed hackers from China, Iran, North Korea and Turkey have tried to exploit the Log4j vulnerability.
Why is this security flaw so risky?
Experts are particularly concerned about the vulnerability because hackers are able to gain access to a company's server, which allows them access to other networks. It's also very hard to detect the vulnerability or see whether a system has been compromised, according to Kennedy.
In addition, a second vulnerability in Log4j was discovered late on Tuesday. The Apache Software Foundation, a non-profit that developed Log4j as well as other open-source software, has issued security patches for businesses.
What are companies doing to address the issue?
This week, Minecraft published a blog post announcing that a flaw had been discovered in a particular version of its game. The company quickly issued a fix. Other companies have also taken similar steps.
IBM, Oracle, AWS and Cloudflare have all issued advisories to customers, with some pushing security updates or laying out their plans for patches.
"This is a serious bug that you cannot click an option to fix like the typical major vulnerability. It's going to take a lot of time and effort," said Kennedy.
To be transparent and to reduce false information, CISA said it would create a website for the public with information on which software products were affected by the vulnerability and how hackers exploited the vulnerabilities.
What can you do to help protect yourself?
Companies are under immense pressure to take action. For now, users should ensure that they update their devices, software and apps when companies prompt them to in the coming days and weeks.
What's next?
The US government has warned affected businesses to be on guard for ransomware attacks and cyberattacks during the holiday season.
There is a risk that an increasing number of criminals will make use of the vulnerability in new ways. And while big technology companies may have security teams in place to handle these potential threats, many other organizations do not.
"What I'm most worried about are the schools, hospitals, and the places where there's only one IT employee who is responsible for security, but does not have the security budget or the right tools," said Katie Nickels, Director of Intelligence at cybersecurity company Red Canary. "Those are the organizations that I am most worried about -- the small organizations with low security budgets."