Government warning over cybersecurity flaw that may wreak 'incalculable' damage

Governments and cyber-security experts have issued a dire warning about a new software vulnerability that has recently come to light.

First discovered in the online game Minecraft, the security flaw is open to exploitation from hackers and cybercriminals.

If compromised, it may allow hackers to remotely execute commands on a computer system.

The UK government warned it is treating ‘this issue with the utmost seriousness’ while the US said the vulnerability was ‘being widely exploited by a growing set of threat actors’.

The issue is found in an open-source project tool called Log4j, developed by Apache Software, that is in widespread use in enterprise cloud services.

Lotem Finkelstein, director of threat intelligence for Check Point Software Technologies said, ‘I cannot overstate the seriousness of this threat.’ 

‘Security teams need to jump on this with the utmost urgency as the potential for damage is incalculable.’

This log4j (CVE-2021-44228) vulnerability is extremely bad. Millions of applications use Log4j for logging, and all the attacker needs to do is get the app to log a special string. So far iCloud, Steam, and Minecraft have all been confirmed vulnerable.

Apache says it has already issued a fix for the flaw, but IT professionals will need to implement it as soon as possible.

The company says the problem won’t affect personal devices, but any data an individual has with an organisation that operates web servers could be at risk.

Source: Read Full Article