A serious vulnerability in a widely used software tool — a vulnerability that was quickly exploited in the online game Minecraft — is quickly becoming a major threat to organizations around the world.
“The Internet is hot right now. People are scrambling to fix it,” said Adam Meyers, senior vice president of intelligence at the cybersecurity company CrowdStrike. “All kinds of people are scrambling to take advantage of it.” He said on Friday that, within 12 hours of it becoming known that the vulnerability exists, it had been “fully weaponized,” which means that criminals have developed and distributed tools to exploit it.
This flaw may be the most serious computer vulnerability discovered in years. It was discovered in an open source logging tool that is ubiquitous in cloud servers and enterprise software used across industries and governments. Unless it is fixed, it allows criminals, spies, and novice programmers to easily access internal networks, where they can plunder valuable data, plant malware, delete critical information, and so on. “It’s hard for me to think of ...” said Joe Sullivan, the chief security officer of Cloudflare, a company whose online infrastructure protects sites from malicious actors. Millions of servers have it installed, and experts say it will take a few days to know the consequences.
Amit Yoran, chief executive of the cybersecurity company Tenable, called it “the biggest and most critical vulnerability of the past decade” — and probably the biggest vulnerability in the history of modern computing.
This vulnerability, called “Log4Shell”, was rated 10 on a scale of 1 to 10 by the Apache Software Foundation, which is responsible for overseeing the development of the software. Anyone who exploits the vulnerability can gain full access to an unpatched computer using the software. Experts say the vulnerability allows an attacker to access the Web server extremely easily, without a password, which is what makes it so dangerous.
A few hours after the public report on Thursday and the release of the patch, New Zealand’s Computer Emergency Response Team was the first to report that the vulnerability is being “actively exploited in the wild”.
The vulnerability is in the open source Apache software used to run websites and other network services. Chinese technology giant Alibaba reported the vulnerability to the foundation on November 24. It took two weeks to develop and release the fix.
But patching systems around the world can be a complex task. Although most organizations and cloud providers (such as Amazon) should be able to easily update their web servers, the same Apache software is often embedded in third-party programs, which can usually only be updated by their owners.
Tenable’s Yoran said that organizations need to assume that they have been threatened and act quickly.
The first obvious sign of this vulnerability being exploited appeared in Minecraft, an online game very popular with children and owned by Microsoft.
Complete News Source : Gadgets 360