The Log4j Security Flaw Could Impact The Entire Internet Heres What You Need To Be Aware Of

From Doku Wiki
Jump to: navigation, search

"It will take years to fix this while attackers will be on the lookout... on every day [to take advantage of itand exploit it]," said David Kennedy the CEO of cybersecurity firm TrustedSec. "This is a ticking time bomb for businesses."



Here are some tips you need to know:



Log4j: What is it and why is it important?



Log4j is one of the most used logging libraries online, according to cybersecurity experts. PREMIUM E Log4j allows software developers to create a record of activity that can be used for troubleshooting and auditing and data tracking. Because it's open-source and free, the library touches every part of the internet.



"It's ubiquitous. Even if you do not use Log4j directly as a developer, you could still be running vulnerable code because the one open source library you use depends upon Log4j," Chris Eng of cybersecurity firm Veracode disclosed to CNN Business. "This is the nature of software that is a turtle all down."



Companies like Apple, IBM, Oracle, Cisco, Google and Amazon, all run the software. It is likely to be on popular apps and websites, and hundreds of millions of devices around the world could be susceptible to it.



Are hackers exploiting it?



According to cybersecurity firm Cloudflare the attackers appear to have had more time than a week to exploit the flaw in the software before it was revealed. With so many hacking attempts occurring every day, many are worried that the most severe attack is not yet over.



"Sophisticated, more senior threat actors will come up with ways to exploit the vulnerability to make the most benefit," Mark Ostrowski, Check Point's chief engineer on Tuesday, said.



Microsoft released a statement late Tuesday saying that state-backed hackers, including those from China, Iran and North Korea attempted to exploit the Log4j flaw.



What makes this security flaw so bad?



Experts are particularly concerned about the vulnerability as hackers could gain access to a company's computer server, granting them access to other parts of an organization's network. Kennedy says it's difficult to spot the vulnerability and determine if a system is already compromised.



In addition, a second vulnerability in Log4j's system was discovered late on Tuesday. Apache Software Foundation, a nonprofit that developed Log4j and other open software, has released a security fix for organizations to use.



What are the companies doing to address the problem?



Last week, Minecraft published a blog post that announced a flaw was discovered in a version its game. The company promptly issued the fix. Books Other companies have also taken similar steps.



US warns that millions of devices are at risk of being affected by a newly discovered software vulnerability



IBM, Oracle, AWS and Cloudflare have all issued advisory notices to customers, while some are pushing security updates or laying out their plans for patches.



"This is such a serious bug, but it's not something you can press an icon to patch it like a typical major vulnerability. It's going to require an enormous amount of time and effort," said Kennedy.



CISA stated that it would create a public website to provide updates on software products that are affected by the vulnerability.



What can you do to ensure your safety?



The onus is on companies to act. People should ensure that they update their software, apps and devices as they are prompted by businesses in the coming days or weeks.



What's next?



The US government has warned affected businesses to be on high alert for cyberattacks and ransomware during the holiday season.



There is a risk that criminals could exploit the vulnerability in novel ways. While large tech companies may have security teams in place to address these potential threats, many other organizations don't.



"What I'm most concerned about is the schools, hospitals, the places where there's a single IT person who does security, but doesn't have the time or the budget or tooling," said Katie Nickels Director of Intelligence at cybersecurity company Red Canary. "Those are the companies that I am most worried about -- the small businesses with small security budgets."

Retrieved from "https://dokuwiki.stream/index.php?title=The_Log4j_Security_Flaw_Could_Impact_The_Entire_Internet_Heres_What_You_Need_To_Be_Aware_Of&oldid=2553005"