The Log4j Security Flaw Could Impact The Entire Internet Heres What You Should Be Aware Of

From Marvel vs DC
Jump to: navigation, search

"It will take years to tackle this, and attackers will be watching... on daily basis to take advantage of it]," said David Kennedy the CEO of cybersecurity company TrustedSec. "This is a real threat for businesses."



Here are some tips you need to know:



Log4j What is it and why is it important?



Log4j is among the most popular logging libraries online, according to cybersecurity experts. Log4j provides software developers with the possibility of creating an inventory of activities that can be used for a variety of purposes, such as troubleshooting, auditing and data tracking. The library is free and open source, so it can be used in any area of the internet.



"It's ubiquitous. Even if Servers 're a developer who doesn't use Log4j directly, you might still be running vulnerable code because one of the open source libraries you use relies on Log4j," Chris Eng the chief research officer of cybersecurity firm Veracode said to CNN Business. "This is the nature of software that is a turtle all the way down."



The software is used by corporations such as Apple, IBM and Oracle, Cisco, Google, Amazon, and Cisco. Gaming is possible to be present in popular apps and websites, and hundreds of millions of devices around the world that use these services could be susceptible to the vulnerability.



Are hackers exploiting it?



According to cybersecurity firm Cloudflare, attackers appear to have had more than a week to exploit the flaw in the software before it was disclosed. With an increasing number of hacking attempts happening every day, some are worried the worst is to yet come.



"Sophisticated and more experienced threat actors will come up with how to effectively exploit the vulnerability to make the biggest gain," Mark Ostrowski, Check Point's head of engineering told reporters on Tuesday.



Microsoft posted late Tuesday that state-backed hackers, such as those from China, Iran and North Korea attempted to exploit the Log4j flaw.



What makes this security flaw so dangerous?



Experts are particularly concerned about the vulnerability because hackers could gain access to a company's computer server, granting them access to other components of a network. Kennedy says it's hard to spot the vulnerability and determine if a system is already compromised.



In addition, a third vulnerability in Log4j's system was discovered late on Tuesday. Apache Software Foundation, a nonprofit that developed Log4j and other open source software, has released an update on security that organizations are able to use.



What are the strategies being used by companies to address this problem?



This week, Minecraft published a blog post announcing a vulnerability was discovered in a version its game -- and quickly released the fix. Similar steps have been taken by other companies.



US warns hundreds of millions of devices that are at the risk of a new software vulnerability



IBM, Oracle, AWS and Cloudflare have all issued advisories to customers, and some have even pushed security updates or outlining their plans for possible patches.



"This is a very serious vulnerability, but it's not like you can hit a button to patch it like a traditional major vulnerability. sagor's blog stated that it will require a lot of work and time.



CISA stated that it would create an online platform that would provide updates on software products affected by the vulnerability.



What can you do to ensure your safety?



Companies are under immense pressure to take action. For now, users should ensure that they update their devices, software and apps when they receive prompts from companies in the coming days and weeks.



What's next?



The US government has warned affected companies to be on high alert for cyberattacks and ransomware during the holidays.



There is a risk that criminals could exploit the vulnerability in innovative ways. While big tech companies might have security teams in place to deal with these potential threats, many other organizations don't.



"What I'm most concerned about is school districts, the hospitals those places where there's only one IT person who does security but doesn't have the time or the security budget or the tooling," said Katie Nickels, Director of Intelligence at cybersecurity firm Red Canary. "Those are the companies I'm most worried about -small companies with small budgets for security."