After the US government issued a warning about the vulnerability of the Log4j software, major computer companies rushed to repair it
The vulnerability in Log4j software might offer hackers unrestricted access to computer systems
According to Amit Yoran, CEO of Tenable Inc., which develops widely used vulnerability-scanning software, clients running Tenable’s scanning products are reporting at least three affected systems every second.
The vulnerability in Log4j software might offer hackers unrestricted access to computer systems, prompting the US government’s cybersecurity agency to issue an urgent warning. Major multinational corporations are under pressure to fix one of the most significant software flaws in recent memory.
The flaw has been published by Cisco Inc. and Microsoft Corp. Software developers released a fix late last week. However, a solution requires hundreds of organisations to implement the fix before the flaw is exploited.
“This is probably the worst security vulnerability in at least the last 10 years — maybe longer,” Charles Carmakal, CEO of cybersecurity firm Mandiant Inc, said.
According to the nonprofit Apache Software Foundation, which manages Log4j, the issue was identified by Alibaba Group’s cloud-security team.
“To be clear, this vulnerability poses a severe risk,” said Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency.
Vendors “must immediately identify, mitigate, and patch the wide array of products using this software,” she stated.
VMware Inc, a maker of computer-virtualisation software, warned on Thursday that the Java-based Log4j was likely to affect many of its products.
“We are taking urgent action to drive mitigation of this vulnerability and detect any associated threat activity,” Easterly said, adding that the vulnerability has been catalogued by CISA, which requires US federal civilian entities to address it as soon as possible. As of Saturday, the CIA had not discovered any vulnerabilities in federal systems.
As the Internet’s Fukushima unfolds, the only one not talking about it is https://t.co/QsVncv19cp. It’s not even on the main log4j page. We’ve learned nothing from struts and this vulnerability is going to cost dearly. https://t.co/17S4CsAVpB https://t.co/XxOtiT3dhD — Amit Yoran (@ayoran) December 12, 2021