Log4j: Why this massive security flaw is impacting nearly all of the internet
Yahoo Finance
Daniel Howley · Technology Editor
Fri, December 17, 2021, 5:23 PM
A major cybersecurity vulnerability is impacting nearly all of the internet, sending everything from financial institutions to government entities scrambling to patch their systems before cybercriminals and nation states can launch cyberattacks. ... Known as the Log4j vulnerability, the flaw impacts a piece of open-source logging software that allows developers to understand how their programs function. The idea is to help companies understand potential bugs or performance issues in their own software.
But Log4j, which is part of the software offered by the open-source Apache Software Foundation, can be exploited to allow attackers to take over the computers and networks of any organization running the program. ... Patches have already been released, but applying them is a different story. Organizations, whether government or private, are notoriously slow when it comes to updating their software.
"It's a very, very serious issue," NYU Tandon School of Engineering associate professor Justin Cappos told Yahoo Finance. Since it's part of the software supply chain, many different pieces of software can be affected. ... The fear is that the flaw could be used by attackers to take remote control of any unpatched system and use it as their own. That, experts say, could give cybercriminals the means to do everything from stealing user data to taking control of real-world infrastructure.
{snip}