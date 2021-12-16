ContributorsPublishersAdvertisers
How Log4j vulnerability could affect the WHOLE internet as tech giants race to fix flaw – here’s how it could impact you

By Julia Elbaba
The US Sun
The US Sun
 16 hours ago
https://img.particlenews.com/image.php?url=2naIVN_0dOaHGcL00

CYBERSECURITY experts issued a warning about a software flaw called Log4j as tech giants are racing to prevent potential risks for internet users.

Companies including Apple, IBM, Oracle, Cisco, Google, Amazon all utilize the vulnerable software, affecting “hundreds of millions of devices” around the world.

https://img.particlenews.com/image.php?url=0DqdzO_0dOaHGcL00
Companies including Apple, IBM, Oracle, Cisco, Google, Amazon all utilize the vulnerable software Credit: Getty

Researchers are alerting that Minecraft, one of the most popular video games worldwide, and Cloudflare, Apple’s cloud computing platform are two of the many services that use Log4j.

According to cybersecurity officials, Log4j is used to record user activity and review the behavior of applications.

It has been downloaded millions of times and is one of the most popular tools to collect data from various networks.

Additionally, the flaw is so dangerous because it’s difficult to discover if your system has been compromised or not.

In a statement on Saturday, Jen Easterly, head of the Department of Homeland Security and Agency (CISA) said the vulnerability was “one of the most serious flaws” she has ever seen” as the number of hackers is “growing.”

On Tuesday, the non-profit developers of Log4j named Apache Software Foundation released a strategy to protect company security.

https://img.particlenews.com/image.php?url=0DWPTy_0dOaHGcL00
When prompted, internet users must update all of their devices Credit: AFP

When prompted, internet users must update all of their devices in a timely manner, especially with the holidays right around the corner.

Companies have been warned to be on high alert over the holiday season for cyberattacks and other security flaws.

"What I'm most concerned about is the school districts, the hospitals, the places where there's a single IT person who does security who doesn't have time or the security budget or tooling," said Katie Nickels, Director of Intelligence at cybersecurity firm Red Canary.

"Those are the organizations I'm most worried about -- small organizations with small security budgets."

'APOCALYPSE'

The US is risking an "apocalypse" with millions lined up for basic needs if there is a cyberattack on the power grid, experts have warned.

Experts have been worried for years that the national power grid is vulnerable to cyberattacks from outside countries should they wish to target the US.

A study being carried out by researchers at Hudson Institute's Quantum Alliance Initiative is looking into how destructive a hypothetical quantum cyberattack on the US power grid would be, and preliminary results are bleak, to say the least.

The early results suggest that the protection of the country's power grids should be an urgent priority, much more so than it already is.

The US Sun

Android users warned to change settings immediately

IF YOU use an Android-powered device, then clearing your cached data and cookies can help protect your browser history. Experts warn that every time you browse the internet, your Android phone's web browser app accumulates your browsing data, making it vulnerable to third parties and slowing down your phone. This...
CELL PHONES
Ars Technica

Thousands of AT&T customers in the US infected by new data-stealing malware

Thousands of networking devices belonging to AT&T Internet subscribers in the US have been infected with newly discovered malware that allows the devices to be used in denial-of-service attacks and attacks on internal networks, researchers said on Tuesday. The device model under attack is the EdgeMarc Enterprise Session Border Controller,...
PUBLIC SAFETY
IN THIS ARTICLE
#Tech#Cloud Computing#Cybersecurity#Ibm#Cisa#Red Canary
The Oregonian

Log4j vulnerability: What you need to know about the software bug

A flaw in Log4j, a Java library for logging error messages in applications, has prompted governments to issue urgent warnings and forced companies to rush in to fix one of the most serious software flaws. According to internet infrastructure provider Cloudflare, Log4j exploits started on December 1. Since then, warnings...
SOFTWARE
CNET

If you're worried about online privacy, this is the browser you should use

No one wants to leak their private information as they browse the web. Chrome, Safari, Firefox and other popular browsers can help keep your data away from prying eyes. The caveat, however, is that securing those web browsers requires setting up a few security-minded extensions or tweaking privacy settings in preferences. There is one browser -- with its own privacy-focused search engine -- that takes the setup and fiddling out of the process, going all-in on guarding your data.
INTERNET
lifewire.com

How the Log4J Security Vulnerability Puts You at Risk

Hackers posted a code revealing an exploit in a widely used Java logging library. Cybersecurity sleuths noticed mass scanning across the web looking for exploitable servers and services. The Cybersecurity and Infrastructure Security Agency (CISA) has urged vendors and users to patch and update their software and services urgently. The...
SOFTWARE
Mac Observer

‘EWDoor’ Malware Attacks Thousands of AT&T Internet Subscribers

Hackers are exploiting a bug from 2017 to attack the EdgeMarc Enterprise Session Border Controller. This device is used by businesses to manage phone calls and video calls. The vulnerability being exploited to infect the devices is tracked as CVE-2017-6079, a command-injection flaw that penetration tester Spencer Davis reported in 2017 after using it to successfully hack a customer’s network. The vulnerability stemmed from an account in the device that, as Davis learned from this document, had the username and password of “root” and “default.”
COMPUTERS
New Scientist

Log4j software bug is 'severe risk' to the entire internet

A major security flaw has been discovered in a piece of software called Log4j, which is used by millions of web servers. The bug leaves them vulnerable to attack, and teams around the world are scrambling to patch affected systems before hackers can exploit them. “The internet’s on fire right now,” said Adam Meyers at security company Crowdstrike.
INTERNET
bleepingcomputer.com

Android banking malware infects 300,000 Google Play users

Malware campaigns distributing Android trojans that steals online bank credentials have infected almost 300,000 devices through malicious apps pushed via Google's Play Store. The Android banking trojans delivered onto compromised devices attempt to steal users' credentials when they log in to an online banking or cryptocurrency apps. Credential theft is commonly done using fake bank login form overlays displayed on top of the legitimate apps' login screens.
CELL PHONES
CNN

The Log4j security flaw could impact the entire internet. Here's what you should know

New York (CNN Business) — A critical flaw in widely used software has cybersecurity experts raising alarms and big companies racing to fix the issue. The vulnerability, which was reported late last week, is in Java-based software known as "Log4j" that large organizations use to configure their applications -- and it poses potential risks for much of the internet.
INTERNET
Ars Technica

Hackers launch over 840,000 attacks through Log4J flaw

Hackers including Chinese state-backed groups have launched more than 840,000 attacks on companies globally since last Friday, according to researchers, through a previously unnoticed vulnerability in a widely used piece of open-source software called Log4J. Cyber security group Check Point said the attacks relating to the vulnerability had accelerated in...
TECHNOLOGY
The Independent

Microsoft Windows starts telling users off if they try to download Google’s Chrome browser

Microsoft has started telling off Windows users if they try and download the rival Chrome browser.If users navigate to the page to download Chrome on their Windows computer, they will see an array of pop-ups that gently chide them for trying to download Google’s alternative.Instead, they are encouraged to use Microsoft’s built-in Edge browser.The notifications appear differently from normal Edge notifications, and as such seem to have been coded into Windows itself. They are showing on both Windows 10 and 11.Some of the prompts are more dry, simply claiming that Edge is a better browser and users should download it....
SOFTWARE
TechCrunch

Microsoft seizes control of websites used by China-backed hackers

Microsoft’s Digital Crimes Unit (DCI) said on Monday that a federal court in Virginia had granted an order allowing the company to take control of the websites and redirect the traffic to Microsoft servers. These malicious websites were being used by a state-sponsored hacking group known as Nickel, or APT15, to gather intelligence from government agencies, think tanks and human rights organizations, according to the company.
TECHNOLOGY
Detroit News

Companies rush to fix software exploit after US warning

Major global companies are facing pressure to fix what experts are calling one of the most serious software flaws in recent memory. The flaw in the Log4j software could allow hackers unfettered access to computer systems and has prompted an urgent warning by the U.S. government’s cybersecurity agency. Microsoft...
SOFTWARE
The Independent

log4j: Tech companies scramble to fix software vulnerability that ‘threatens entire internet’

Tech companies across the world are under pressure to fix a software vulnerability that many cybersecurity experts are calling one of the worst to be discovered in recent years.The vulnerability, known as Log4shell, was identified in Apache’s Log4j software library that helps developers keep track of changes in the applications they build.The software flaw was first noticed on sites catering to the popular video game Minecraft, and was officially reported to Apache on 24 November by Chen Zhaojun of Alibaba, according to Crowdstrike. But it soon became clear that the vulnerability had far-reaching implications since the software is ubiquitous, used...
SOFTWARE
TechRadar

Google moves to shut down huge botnet

Google has begun taking steps to shut down a sophisticated botnet which uses blockchain technology to protect itself and is being used to target Windows devices. For those unfamiliar, a botnet is a network of devices connected to the internet that have been infected with malware that places them under the control of cybercriminals and other bad actors. These infected devices are then used for malicious purposes such as stealing your sensitive information or committing fraud.
INTERNET
