Askor lml
Posted December 11, 2021

Companies whose servers have been confirmed to be affected by this issue include Apple, Amazon, Twitter, and Steam.

Chen Zhaojun, an employee of the Chinese private consortium Alibaba, has detected a software flaw, dubbed "Log4Shell", in Apache Log4j, an open source logging tool used by a large number of applications, web pages and services, TechCrunch reported this Friday.

It was first discovered in the Microsoft-owned video game Minecraft, although cybersecurity company LunaSec warns that "many services" are vulnerable because the affected tool is in almost all major business applications and servers based on the Java programming language.

Companies whose servers have been confirmed to be vulnerable to this problem include Apple, Amazon, Cloudflare, Twitter, Steam, Baidu, NetEase, Tencent and Elastic, although it is believed that the affected companies and organizations could be in the thousands.

What implications does it have?

Robert Joyce, director of cybersecurity for the US National Security Agency (NSA), believes that this is a "significant threat" and confirmed that GHIDRA, an open source reverse engineering tool developed by them, has also been affected.

The New Zealand Computer Emergency Response (CERT) team, Deutsche Telekom CERT and web monitoring service Greynoise have warned that hackers are actively searching for servers vulnerable to the software flaw.

Amit Yoran, executive director of the cybersecurity company Tenable, assured that it is "the greatest and most critical vulnerability of the last decade", without ruling out that it is possibly the worst in the history of modern computing.

"Internet is on fire"

"The Internet is on fire right now," said Adam Meyers, senior vice president of intelligence at cybersecurity firm Crowdstrike, warning that hackers have already developed and distributed tools to exploit the vulnerability.

For her part, Kayla Underkoffler, Senior Security Technologist at HackerOne, believes that this situation highlights the "threat posed by open source software as a growing portion of the critical attack surfaces of the global supply chain".

The Apache Software Foundation has already released an emergency security update to address the zero-day vulnerability in Log4j, and has also carried out a number of mitigation measures for those who cannot install the update immediately.

News brought by https://actualidad.rt.com/