‘Internet’s on Fire Right Now’: Millions of Devices at Risk Over New Software Vulnerability

Contact Your Elected Officials
The Epoch Times Header

A newly discovered flaw in a common piece of open-source software is prompting researchers and companies to update their systems in a bid to prevent hacks and ransomware attacks.

The vulnerability, known as CVE-2021-44228, was disclosed on Dec. 9, which allows remote access to servers and code execution, some experts have said. Meanwhile, Log4j is used in a large number of enterprise systems, raising concerns that it may be easily exploited.

Since the vulnerability, which some dubbed “Log4Shell,” so is widespread and is likely present in highly-trafficked websites and apps, users may also see their favorite websites and apps be impacted.

Cybersecurity firms Mandiant and Crowdstrike said that hacking groups are trying to breach systems, and Mandiant described to Reuters that they are “Chinese government actors,” in reference to the ruling Chinese Communist Party.

“Given that Log4j has been a ubiquitous logging solution for Enterprise Java development for decades, Log4j has the potential to become a vulnerability that will persist within Industrial Control Systems (ICS) environments for years to come,” according to a blog post by cybersecurity researchers at Dragos.

A cybercriminal can exploit the flaw by sending a malicious code string that will get logged by the Log4j version, allowing the attacker to load an arbitrary Java code to a server. The vulnerability could potentially allow them to take control of the server.

Federal cybersecurity officials also reportedly expressed alarm over the vulnerability in recent days.

“This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious,” Jen Easterly, the head of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said on a phone call. The Epoch Times has contacted CISA for comment.

Easterly warned that CISA can “expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents.”

The proverbial canary in the coal mine was when researchers noted that Minecraft’s servers could be compromised via the vulnerability. Microsoft last week posted instructions for how players could update the game’s Java version.

“This exploit affects many services—including Minecraft Java Edition,” said Microsoft. “This vulnerability poses a potential risk of your computer being compromised.”

In another stark warning, Cloudflare CEO Matthew Prince wrote Friday that his firm has “made the determination that Log4J is so bad we’re going to try and roll out at least some protection for all Cloudflare customers by default, even free customers who do not have our [enterprise suite]. Working on how to do that safely now.”

“It’s a design failure of catastrophic proportions,” Free Wortley, the CEO of the open-source data security platform LunaSec, wrote on its website last week.

Elaborating on what services could be targeted via the exploit, Wortley said that “Cloud services like Steam, Apple iCloud, and apps like Minecraft” have been discovered to be vulnerable. “Anybody using Apache Struts is likely vulnerable. We’ve seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach,” he said, referring to the hack that released millions of people’s credit data.

Last week, CISA issued an alert over the vulnerability, as did Australia’s cybersecurity agency. The Apache Software Foundation rates the vulnerability as “critical” and published ways to deal with it on Friday.

“The internet’s on fire right now,” warned Adam Meyers, a senior vice president with Crowdstrike. “People are scrambling to patch,” he told The Associated Press, “and all kinds of people scrambling to exploit it.”

By Jack Phillips

Read Original Article on TheEpochTimes.com

The Epoch Times
The Epoch Timeshttps://www.theepochtimes.com/
Tired of biased news? The Epoch Times is truthful, factual news that other media outlets don't report. No spin. No agenda. Just honest journalism like it used to be.

Trump’s Middle East Triumph is Worth Celebrating Even As Peace Remains Elusive 

President Trump’s bold foreign policy defies globalist appeasement, showcasing unwavering American strength and decisive leadership on the world stage.

Are conservatives fighting a fiction of woke?

Wokery, it hurts to say it, is too disorganized to have an organized cosmology or doctrine of metaphysical belief.

Illinois Democrat Offenders Reveal Party

The crime of J.B Pritzker and Brandon Johnson in this episode of American history is called subversion at the least , but could be as serious as treason.

Inside the Public School Librarian Jihad to Keep Transgender Propaganda on Shelves

Public school librarians are doing all they can to keep child tranny propaganda flowing directly into the malleable minds of their charges.

Five Reasons Why The Latest Czech Elections Were So Important

Populist-nationalist politician Andrej Babis is poised to return to the premiership after his party's victory. Here are 5 reasons why this is so important.

New York AG Letitia James Indicted on Federal Charges

New York Attorney General Letitia James was indicted by a grand jury on federal charges, according to an indictment on unsealed on Thursday.

6 Ways Vaccine Policy Has Changed Under RFK Jr.

Health Sec RFK, Jr. and officials at the HHS changed recommendations and policies for multiple vaccines, including shots against COVID-19 and measles.

Journalists Recount Antifa Violence in Roundtable With Trump

President Trump met at the White House with journalists attacked by the newly designated terrorist group Antifa, joined by Cabinet officials for a roundtable.

IRS to Furlough 34,000 Employees as Government Shutdown Halts Treasury Operations

The IRS said in an emergency message to staff that it will furlough more than 34,000 employees starting on Oct. 8 due to the government shutdown.

Trump Says He May Invoke Insurrection Act in Portland If Necessary

President Donald Trump on Oct. 6 said he may consider invoking the Insurrection Act in Portland, Oregon, if necessary.

Trump: All Medium, Heavy Duty Trucks Entering US Will See 25 Percent Tariff on Nov. 1

President Trump announced on Monday that all medium and heavy-duty trucks entering the United States will see a 25 percent tariff starting on Nov. 1.

Treasury Names Social Security Commissioner as CEO of IRS

Treasury Sec. Scott Bessent announced that Frank Bisignano, the head of the Social Security Administration (SSA), will also serve as CEO of the IRS.

Agencies Terminated, Descoped 94 Wasteful Contracts With $8.5 Billion Ceiling Value, Says DOGE

Various federal government agencies have terminated and descoped 94 wasteful contracts over the past five days, DOGE said in an Oct. 4 post on X.
spot_img

Related Articles

Popular Categories

MAGA Business Central