Cybersecurity experts have raised the alarm about a previously unknown critical flaw in a commonly used software tool that could potentially allow hackers to compromise millions of devices connected to the internet.
The fault, known as ‘Log4Shell’, has been described as the “single biggest, most critical vulnerability of the last decade” – which puts it in the running for a place among the biggest glitches in modern computing history. Researchers have warned that the flaw affects servers run by tech giants like Microsoft, Apple, Amazon, and Twitter.
The first indication about the exploit was seen on sites that hosted servers for the hugely popular Microsoft-owned online game Minecraft. Marcus Hutchins, the British security researcher known for halting the WannaCry malware attack, tweeted that apparently some of the game’s users were already using the flaw to remotely run programs on the computers of other users by “simply pasting a short message into a chat box.”
The vulnerability, which is located in ‘log4j’ – an open-source logging tool developed by the Apache Software Foundation – was first reported on November 24 by Chinese tech giant Alibaba. The foundation then rated the severity of the problem at 10 on a scale of one to 10. However, the flaw was only publicly revealed on Thursday.
The logging software is used by Amazon Web Services and other cloud server providers as well as industry and government networks. Logging refers to a process where applications keep a running tab on activities they have performed that can later be reviewed to check for errors. Nearly every network security system uses a logging process, which hints at the scale of the problem.
Noting that hackers had “fully weaponized” the exploit shortly after it was revealed, Adam Meyers – senior vice president of intelligence at cybersecurity firm Crowdstrike – told the AP that the “internet’s on fire right now” as experts raced to patch the flaw while new tools to exploit it were being distributed.
Although a security fix to the log4j tool has been released, Log4Shell will remain a threat during the time it takes to ensure that all vulnerable machines are updated.
(RT.com)
24World Media does not take any responsibility of the information you see on this page. The content this page contains is from independent third-party content provider. If you have any concerns regarding the content, please free to write us here: contact@24worldmedia.com
5 Characteristics of Truth and Consequences in NM
How To Make Your Wedding More Accessible
Ensure Large-Format Printing Success With These Tips
4 Reasons To Consider an Artificial Lawn
The Importance of Industrial Bearings in Manufacturing
5 Tips for Getting Your First Product Out the Door
Most Popular Metal Alloys for Industrial Applications
5 Errors To Avoid in Your Pharmaceutical Clinical Trial
Ways You Can Make Your Mining Operation Cleaner
Tips for Starting a New Part of Your Life
Easy Ways To Beautify Your Home’s Exterior
Tips for Staying Competitive in the Manufacturing Industry
