The Log4j Security Flaw Could Impact The Whole Internet Heres What You Need To Be Aware Of

From Trade Britannica
Jump to: navigation, search

"It will take years to tackle this while attackers will be looking... on a daily basis [to take advantage of itand exploit it]," said David Kennedy the CEO of cybersecurity company TrustedSec. "This is a ticking time bomb for businesses."



Here are some tips you need to be aware of:



What is Log4j and why is it important?



According to cybersecurity experts, Log4j is one the most popular online logging libraries. Log4j offers software developers the ability to create an account of their activities to be used for a variety of purposes for troubleshooting, auditing , and data tracking. Because it is both open-source and free, the library covers every aspect of the internet.



"It's ubiquitous. Even if you're a developer who doesn't use Log4j directly, you may still be running vulnerable code since one of the open source libraries you utilize depends on Log4j," Chris Eng chief research officer at cybersecurity firm Veracode said to CNN Business. This is the way software works: It's turtles all down.



Companies such as Apple, IBM, Oracle, Cisco, Google and Amazon all use the software. It could present in popular websites and apps, and hundreds of millions of devices around the world which access these services could be exposed to the vulnerabilities.



Are hackers exploiting it?



Attackers appear to have had more than a week's head to exploit the flaw in the software before it was disclosed publicly, according to cybersecurity firm Cloudflare. With the number of hacking attempts being made every day, people are worried that the worst is yet to come. Just another wordpress site



"Sophisticated, more senior threat actors will figure out how to effectively exploit the vulnerability to make the biggest gain," Mark Ostrowski, Check Point's head of engineering, said Tuesday.



Late on Tuesday, Microsoft said in an update to a blog post that state-backed hackers from China, Iran, North Korea and Turkey have attempted to exploit the Log4j vulnerability.



Why is this security flaw so critical?



Experts are particularly worried about the vulnerability due to the fact that hackers could gain easy access to a company’s computer server, granting them access to other components of a network. Kennedy says it's difficult to detect the vulnerability and determine if a computer is already compromised.



In addition, a third vulnerability in Log4j's software was discovered late on Tuesday. The Apache Software Foundation, a non-profit that developed Log4j as well as other open-source software has released an update to secure organizations.



What are the companies doing to tackle this problem?



Last week, Minecraft published a blog posting announcing that a vulnerability had been discovered in a particular version of its game -- and quickly released a fix. Similar steps have been taken by other companies.



US warns that hundreds of millions of devices are at risk because of a newly discovered software vulnerability



Customers have received advisory letters from IBM, Oracle, AWS, Cloudflare, and AWS. Certain companies issue security updates, whereas others detail their plans for future patches.



"This is a serious vulnerability, but you cannot hit a button to fix it like the typical major vulnerability." It will require an enormous amount of time and effort," said Kennedy.



To ensure transparency and cut down on confusion, CISA said it would create a website for the public with updates on what software products were affected by the flaw and how hackers took advantage of the vulnerabilities.



What can you do for your security?



The burden is on businesses to take action. Users should make sure that they update their software, apps and devices as they are prompted by businesses in the coming days or weeks.



What's next?



The US government has issued a caution for companies affected to be on alert throughout the holiday season for ransomware and cyberattacks.



There is a concern that an increasing number of malicious actors are making use of the vulnerability in new ways. While large technology companies may have security teams in place to combat the threat, many other organizations don't.



"What I am most concerned about are the schools hospitals, the places where there's one IT professional who handles security but does not have the security budget or the tools," Katie Nickels, Director Intelligence at cybersecurity company Red Canary. "Those are the organizations I'm most concerned about -small companies with small budgets for security."

Retrieved from "https://trade-britanica.trade/index.php?title=The_Log4j_Security_Flaw_Could_Impact_The_Whole_Internet_Heres_What_You_Need_To_Be_Aware_Of&oldid=2553595"