Saturday, Nov 26, 2022

Log4j software vulnerability: Major tech companies rush to fix software after US govt’s warning

The flaw in the Log4j software could allow hackers unfettered access to computer systems and has prompted an urgent warning by the US government’s cybersecurity agency.

Major global companies are facing pressure to fix what experts are calling one of the most serious software flaws in recent memory. The flaw in the Log4j software could allow hackers unfettered access to computer systems and has prompted an urgent warning by the US government’s cybersecurity agency.

Microsoft Corp and Cisco Inc have published advisories about the flaw, and software developers released a fix late last week. But a solution depends on thousands of companies putting the fix in place before it is exploited.

“This is probably the worst security vulnerability in at least the last 10 years — maybe longer,” said Charles Carmakal, the chief technology officer for cybersecurity firm Mandiant Inc. He said Mandiant received requests from several major companies in the last few days for help.

Alibaba Group’s cloud-security team recently discovered the flaw, according to the nonprofit Apache Software Foundation, which maintains Log4j.

The vulnerability effectively allows hackers to take control of a system. Because the faulty computer code is baked into all sorts of software, updating it is a painstaking process.

“To be clear, this vulnerability poses a severe risk,” Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, said in a statement Friday. Vendors “must immediately identify, mitigate, and patch the wide array of products using this software,” she said.

VMware Inc, which makes computer-virtualisation software, said Thursday that several of its products were likely affected by the Java-based Log4j.

Amit Yoran, the CEO of Tenable Inc., which makes widely used vulnerability-scanning software, said the Log4j flaw is so ubiquitous that, among customers running Tenable’s scanning products, at least three systems a second are reporting they’re affected.

“We are taking urgent action to drive mitigation of this vulnerability and detect any associated threat activity,” Easterly said, adding that CISA has cataloged the vulnerability — requiring US federal civilian agencies to fix it promptly. As of Saturday, the agency hasn’t identified compromises in federal systems.

First published on: 13-12-2021 at 08:49:31 am