The Log4j Security Flaw Could Impact The Whole Internet: Here's What You Should Be Aware Of


"It will take years to fix this issue, while attackers will be on the lookout... on a daily basis to attack it and exploit it," said David Kennedy, CEO of cybersecurity firm TrustedSec. "This is a real threat for companies."



Here are some tips you should know:



What is Log4j and why is it important?



Log4j is one of the most widely used logging libraries online, according to cybersecurity experts. Log4j lets software developers keep a record of activity in their applications, which can be used for troubleshooting, auditing and data tracking. The library is free and open source, which means it can be used in any area of the internet.



"It's ubiquitous. Even if you're a programmer who doesn't use Log4j directly, you could still be running the vulnerable code since one of the open source libraries you utilize depends on Log4j," Chris Eng, chief research officer at cybersecurity firm Veracode, told CNN Business. "This is the nature of software: it's turtles all the way down."



Companies such as Apple, IBM, Oracle, Cisco, Google and Amazon all use the software. It could be present in popular websites and apps, and hundreds of millions of devices across the world could be susceptible to the flaw.



Are hackers exploiting it?



Attackers appear to have had more than a week's head start to exploit the flaw in the software before it was revealed publicly, according to cybersecurity firm Cloudflare. With the number of hacking attempts taking place each day, some worry that the worst could be yet to come.



"Sophisticated threat actors will come up with ways to exploit the vulnerability to make the biggest gain," Mark Ostrowski, Check Point's chief engineer, said Tuesday.



Microsoft announced late on Tuesday that state-backed hackers, including those from China, Iran and North Korea, attempted to exploit the Log4j flaw.



Why is this security flaw so risky?



Experts are particularly concerned about the vulnerability because hackers can gain easy access to a company's computer servers, which allows them access to other networks. It's also extremely difficult to find the vulnerability or see if a system has already been compromised, according to Kennedy.



In addition, a third vulnerability in Log4j was discovered late on Tuesday. The Apache Software Foundation, a non-profit that created Log4j as well as other open-source software, has released a security update for companies.



What are the strategies being employed by companies to address this problem?



This week, Minecraft published a blog post announcing that a vulnerability had been discovered in a particular version of its game -- and promptly issued a fix. Other companies have taken similar steps.






Customers have received alerts from IBM, Oracle, AWS and Cloudflare. Some have released security updates, while others have described their plans for possible patches.



"This is a serious vulnerability; however, you can't hit the button to fix it like the typical major vulnerability." Kennedy stated that it will take a lot of effort and time.



To ensure transparency and cut down on false information, CISA said it would set up a public website with information on which software products were affected by the flaw and the ways hackers exploited the vulnerabilities.



What can you do to protect yourself?



Companies are under a lot of pressure to take action. It is imperative that users update their software, apps and devices as companies prompt them to in the coming days or weeks.



What's next?



The US government has issued a warning for affected companies to be on high alert over the holidays for cyberattacks and ransomware.



There is concern that an increasing number of criminals will make use of the vulnerability in novel ways. And while big technology companies may have the security teams in place to combat these threats, many other organizations do not.



"What I am most concerned about are schools, hospitals, the places where there is only one IT employee who does security but doesn't have the security budget or tools," said Katie Nickels, director of intelligence at cybersecurity company Red Canary. "Those are the organizations I am most worried about -- the small organizations with low budgets for security."