Tech Giants Microsoft, Amazon and Others Warn of Widespread Software Flaw
This new flaw is called Log4Shell and it allows an attacker to gain entry into servers and computer systems without a password. Within 12 hours of the Log4Shell exploit being found, hackers were already exploiting the vulnerability online. Cybersecurity researchers say they have seen thousands of attempts to exploit the bug.
Online Gaming sites are being exploited and any Cloud software entity is at risk. Amazon, Twitter and Cisco Systems are all working to protect users and study the threat against their systems.
Hackers started exploiting the recent flaw early Friday to gain access to servers running Microsoft’s Minecraft gaming software. Security experts noticed the flaw being exploited in Minecraft when players utilize chat features. A few lines of text passed among players can penetrate the defenses of a targeted computer. The text is part of Log4J and open source java based logging utility.
Soon they observed widespread scanning and attempts to trigger the Log4j bug across the internet. In a note published Friday, Microsoft advised Minecraft users to upgrade their software to patch the bug.
IBM's RedHat and Oracle's VMware are deploying patches. The flaw allows attackers to convert computer's log files (files that track a computer's activities) into malicious instructions forcing the machine to download software. Once this has happened an attacker has access to a victim's network.
Be aware that the threat is against all Internet entities and the problem is that each individual enterprise will have to patch their servers and systems. Some companies have already begun patching systems but this is not a coordinated simultaneous fix so some users will be at risks longer.
Roblox a popular gaming platform was mentioned on the news this a.m.
Massive data breaches have become so common that we’ve gotten numb to reports detailing another hack or 0-day exploit. That doesn’t reduce the risk of such events happening, as the cat-and-mouse game between security experts and hackers continues. As some vulnerabilities get fixed, others pop up requiring attention from product and service providers. The newest one has a name that will not mean anything to most people. They call the hack Log4Shell in security briefings, which doesn’t sound very scary. But the new 0-day attack is so significant that some people see it as the worst internet hack in history.
“The internet’s on fire right now,” Adam Meyers told AP News. “People are scrambling to patch and all kinds of people scrambling to exploit it.” Meyers is the senior vice president of intelligence at Crowdstrike, a cybersecurity company monitoring the Log4Shell hack.
https://bgr.com/tech/internet-is-scrambling-to-fix-log4shell-the-worst-hack-in-history/
Because the bug is easy to exploit and attacks hard to block, the Log4j problem could be used by hackers to break into corporate networks for years to come, said Aaron Portnoy, principal scientist with the security firm Randori. “It is one of the most significant vulnerabilities that I’ve seen in a long time,” he said.
DForce 11th Generation Intel unlocked Beasts!
No comments:
Post a Comment