Digital Friday >>> Latest Global Digital Security Threat
Picture Source: Pixabay
Cybersecurity experts have raised their concern over a critical flaw which was discovered in a widely used software. The vulnerability was uncovered in the Java-based software called “Log4j” which is used by many large tech companies in their applications worldwide.
This flaw raises red flags for technology companies as the Log4j software is one that many applications rely on. According to experts, Apple’s cloud computing service, Cloudflare, Steam, Spotify, Alibaba Cloud and Minecraft are just a few examples of applications and software which rely on Log4j.
Log4j is an application that was developed by Java, and it is broadly used by companies to monitor the performance and errors inside applications. Log4j is an extremely important logging library, and it allows developers to build a record of activity which can be used for auditing, troubleshooting and data tracking. As this software is open-source, Log4j is used by a wide range of apps on the internet and this software bug will affect many of them. The bug itself allows for remote code execution (RCE) and could potentially allow hackers to gain full control of the server which is running that software. “It’s ubiquitous. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open-source libraries you use depends on Log4j”, commented Chris Eng, chief research officer at the cybersecurity firm Veracode.
Picture Credit: Kevin Ku
Jen Easterly, head of the Department of Homeland Security’s Cyber Security and Infrastructure Security Agency (CISA) commented that it was “one of the most serious flaws” that she has experienced throughout her career. Easterly also commented in a recent press statement that there was “a growing set” of hackers who were actively trying to take advantage of the vulnerability. The cybersecurity firm Check Point reported that there were more than 100 hacking attempts occurring every minute. David Kennedy, CEO of the cybersecurity firm TrustedSec, commented, “This is a ticking time bomb for companies”.
Experts are concerned about the bug as it allows hackers to gain easy access into a company’s computer servers and it is difficult to trace and check if the system has been infiltrated. However, companies are issuing security updates and software fixes to combat the possibility of a security breach. The US government has also issued a warning to companies who may be affected to stay vigilant and on high alert for ransomware and cyberattacks.
December 24th 2021 | 3:15 PM