Millions of internet users are vulnerable to, or have already been hit
by, hackers who are exploiting a flaw in software that is used by many tech
giants, including Amazon (AMZN) and Microsoft (MSFT).
It has been revealed that hackers are using a vulnerability in server software
called Log4j to gain access to the computers of internet users. They can force
unsolicited downloads to infect users with malicious code that can lead to disastrous
consequences, news reports say.
Cybersecurity researchers have reported and gain unauthorized entry to computers,
a report in WSJ says.
Among the tech giants forced to reassess their security preparations
on account of the flaw in Log4j are Amazon.com Inc., Twitter Inc. (TWTR) and
Cisco Systems Inc. (CSCO),
the companies informed WSJ.
Amazon, the world’s biggest cloud computing company, said in
a security alert, “We are actively monitoring this issue, and are working on
addressing it.”
The threat is so real that the Department of Homeland
Security’s Cybersecurity and Infrastructure Security Agency last week issued an
alert about the vulnerability and sought urgent action from firms. CISA Director Jen
Easterly said, “To be clear, this vulnerability poses a severe risk. We will
only minimize potential impacts through collaborative efforts between
government and the private sector.”
Easy to exploit
The list of software providers that use Log4j in their
products is long. Among them, International Business
Machines Corp.’s (IBM) Red Hat, Oracle Corp. (ORCL) and
VMware Inc. (VMW) have
already said they are deploying patches.
The fear is that as the bug is easy to exploit and attacks
hard to block, hackers could use the Log4j problem to break into corporate
networks for years to come, according to Aaron Portnoy, principal scientist
with security firm Randori. “It is one of the most significant vulnerabilities
that I’ve seen in a long time.”
By gaining access to the log files that keep track of what
users do on computer servers, hackers sneak in malicious instructions that
force the machine to download unauthorized software. This gives the hackers a beachhead
on a victim’s network.
The issue was reported late last month to the Log4j
development team by volunteers
of the Apache Software Foundation, according to Ralph Goers, a volunteer
with the project. The foundation is a nonprofit group that helps oversee the
development of many open-source programs.
“It’s a very critical issue,” according to Goers. “People
need to upgrade to get the fix.” Log4j is used on servers to keep records of
users’ activities so they can be reviewed later by security or software
development teams.