Date: 2021-12-15
Software

Log4j software flaw opens the door to hackers

WBUR
3 days ago

A security flaw in a piece of open-source software called Log4j that millions...

www.wbur.org

CNN

The Log4j security flaw could impact the entire internet. Here's what you should know

New York (CNN Business) — A critical flaw in widely used software has cybersecurity experts raising alarms and big companies racing to fix the issue. The vulnerability, which was reported late last week, is in Java-based software known as "Log4j" that large organizations use to configure their applications -- and it poses potential risks for much of the internet.
INTERNET
Fudzilla

Chinese hackers find internet fatal flaw

Hackers linked to China and other governments are among a growing assortment of cyberattackers seeking to exploit a widespread and severe vulnerability in computer server software. Software King of the World Microsoft said that involvement of hackers whom analysts have linked to nation-states underscored the increasing gravity of the flaw...
TECHNOLOGY
CBS News

Nightmare before Christmas: What to know about the Log4j vulnerability

A vulnerability living inside a Java-based software known as "Log4j" shook the internet this week. The list of potential victims encompasses nearly a third of all web servers in the world, according to cybersecurity firm Cybereason. Twitter, Amazon, Microsoft, Apple, IBM, Oracle, Cisco, Google, and one of the world's most popular video games, Minecraft, count themselves among the slew of tech and industry giants running the popular software code that U.S. officials estimate has left hundreds of millions of devices exposed.
SOFTWARE
Ars Technica

Hackers launch over 840,000 attacks through Log4J flaw

Hackers including Chinese state-backed groups have launched more than 840,000 attacks on companies globally since last Friday, according to researchers, through a previously unnoticed vulnerability in a widely used piece of open-source software called Log4J. Cyber security group Check Point said the attacks relating to the vulnerability had accelerated in...
TECHNOLOGY
New Scientist

Log4j software bug is 'severe risk' to the entire internet

A major security flaw has been discovered in a piece of software called Log4j, which is used by millions of web servers. The bug leaves them vulnerable to attack, and teams around the world are scrambling to patch affected systems before hackers can exploit them. “The internet’s on fire right now,” said Adam Meyers at security company Crowdstrike.
COMPUTERS
capradio.org

Companies scramble to defend against newly discovered 'Log4j' digital flaw

Late last week, the staff of the popular world-building video game Minecraft published an unusual blog post announcing that a version of the game had a digital flaw that hackers could exploit to take over players' computers. The gaming company released a patch and encouraged players who run their own servers to do the same.
TECHNOLOGY
FOX 40 News WICZ TV

DHS warns of critical flaw in widely used software

The Department of Homeland Security's top cyber official on Saturday urged government and private-sector organizations to address a critical flaw in widely used software that hackers were actively using to try to breach networks. DHS's Cybersecurity and Infrastructure Security Agency ordered federal civilian agencies to update their software. And Jen...
TECHNOLOGY
ZDNet

US warns Log4j flaw puts hundreds of millions of devices at risk

Top US government cybersecurity officials fear advanced hackers will have a field day with the Log4j vulnerability that's likely present in hundreds of millions of devices. Security experts are already seeing widespread scanning for the Log4j vulnerability (also dubbed 'Log4Shell') on internet-connected devices running vulnerable versions of Log4j version 2, which have been under attack since December 1, although the bug became common knowledge on December 9.
TECHNOLOGY
morningbrew.com

A software flaw exposes major companies’ servers

A piece of faulty software called Log4J has exposed major companies to over 1.2 million cyberattacks since last Friday, according to researchers. It’s already one of the most wide-reaching security breaches ever, and it could take years to fully fix. Awake yet? The little-known but widely used Log4J software...
SOFTWARE
Scientific American

The Log4J Software Flaw Is ‘Christmas Come Early’ for Cybercriminals

Researchers have just identified a security flaw in a software program called Log4J, widely used by a host of private, commercial and government entities to record details ranging from usernames and passwords to credit card transactions. Since the glitch was found last weekend, the cybersecurity community has been scrambling to protect applications, services, infrastructure and even Internet of Things devices from criminals—who are already taking advantage of the vulnerability.
TECHNOLOGY
securitymagazine.com

Apache Log4j security flaw presents critical risk to organizations

Threat actors are actively exploiting a critical security flaw in Java logging library Apache Log4j. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services, meaning many organizations are at risk from threat actors actively exploiting this vulnerability. The Apache Log4j flaw is a zero-day...
SOFTWARE
wpguynews.com

Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware

Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability. The attack leverages the remote code execution flaw to...
COMPUTERS
BGR.com

Nation-state hackers are already exploiting the scary Log4j vulnerability

Security researchers recently stunned the world with the Log4Shell hack, revealing that the entire internet is scrambling to patch a vulnerability in a widely used Java utility that many companies employ in their servers. Also known as the Log4j hack, the security issue allows hackers to get into computer systems without a password. We saw the first proof of concept in Minecraft, where hackers used text messages to control a computer remotely.
TECHNOLOGY
NBC New York

EXPLAINER: Behind the ‘Log4j' Security Flaw That's Freaked Out the Internet

Security pros say it's one of the worst computer vulnerabilities they've ever seen. They say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it. The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it's so...
TECHNOLOGY
Apple Insider

Critical 'Log4J' Java flaw being used to deliver malware, crypto-miners

The flaw and a proof-of-concept exploit were publicly released on Friday, wreaking havoc across companies that use the popular Log4j Java platform. Impacted firms included Amazon, Apple, Steam, Minecraft, and a lot more. According to Bleeping Computer, threat actors have been using the vulnerability to deliver crypto-miners, botnet, and penetration...
SOFTWARE
Inman.com

New log4j cybersecurity flaw has exposed millions of users to hackers

Government officials said the flaw is already being “widely exploited” by nefarious bad actors, meaning there’s a good chance anyone reading this is at risk. Here’s what you need to know. A newly discovered security flaw in widely used computer code has put users, devices and...
COMPUTERS
Hot Hardware

Log4j Threat Worsens As Microsoft Warns Of Multiple State-Sponsored Hackers On The Warpath

In case you weren't yet taking the Log4shell vulnerability in Apache's Log4J seriously, here's another reason to do so: threat actors associated with malware distributors, ransomware-as-a-service vendors, and even nation-states are actively exploiting the flaw. Bad guys are scanning the web en masse looking for unpatched systems, and if you're running a server with an unpatched Log4j, they're likely to find it sooner than later.
SOFTWARE

