Technology

‘The internet is on fire’: Software vulnerability sparks scramble to stop growing threat – National

One important vulnerability in a widely used software tool – one that is rapidly being exploited in the online game Minecraft – that is rapidly emerging as a major threat to organizations worldwide.

blank

“The internet is on fire right now,” said Adam Meyers, senior vice president of intelligence at cybersecurity firm Crowdstrike. “People are scrambling to patch it,” he said, “and all sorts of people are scrambling to exploit it.” He said Friday morning that in the 12 hours since the bug’s existence was revealed it had been “fully weaponized,” meaning counterfeiters had developed and distributed tools to exploit it.

Read more:

Apple releases critical software patch to fix security hole

This vulnerability is possibly the worst computer vulnerability discovered in years. It has been discovered in a common utility in cloud servers and enterprise software used across industry and government. Unless it’s fixed, it allows criminals, spies, and newbies to programming easily to gain access to internal networks where they can steal valuable data, install malware, delete important information and more.

The story continues below the ad

“It would be hard for me to think of a company without risk,” said Joe Sullivan, chief security officer of Cloudflare, whose online infrastructure protects websites from malicious actors. Not to mention millions of servers already have it installed and experts say the leak will not be known for the next few days.

Amit Yoran, CEO of cybersecurity company Tenable, calls it “the biggest, most critical security hole of the past decade” — and possibly the largest in modern computing history.


Click to play video:'Bug on iPhone, iPad may have opened door for hackers, security firm says'







Bugs on iPhone, iPad may have opened the door for hackers, security company says


Security firm says bug in iPhone, iPad may have opened door for hackers – April 22, 2020

The vulnerability, called Log4Shell, is rated 10 on a scale of 1 to 10 by the Apache Software Foundation, the organization that oversees the development of the software. Anyone with an exploit can get full access to an unpatched computer using the software,

Experts say the vulnerability that allows attackers to access a web server – without a password – with extreme ease is what makes it so dangerous.

The story continues below the ad

New Zealand’s Computer Emergency Response Team was among the first to report that the vulnerability is being “actively exploited in the wild” just hours after it was publicly reported on Thursday and a patch released.

The vulnerability resides in the open-source Apache software used to run websites and other web services, reported by Chinese tech giant Alibaba on Nov. 24. It took two weeks. to develop and release a fix.

But patching systems around the world can be a complicated task. Although most organizations and cloud service providers like Amazon can update their web servers easily, the same Apache software is also often embedded in third-party programs, which These programs are usually only updated by their owners.

Read more:

Malware found in Microsoft systems, linked to US cyberattack

Yoran, of Tenable, said organizations need to assume they’ve been compromised and act quickly.

The first clear signs of an exploit appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft. Meyers and security expert Marcus Hutchins said Minecraft users used it to execute programs on other users’ computers by pasting a short message into a chat box.

Microsoft says it has released a software update for Minecraft users. It says: “Customers who apply the fix will be protected.

The story continues below the ad

Researchers say they have found evidence that the vulnerability can be exploited in servers operated by companies like Apple, Amazon, Twitter, and Cloudflare.

Cloudflare’s Sullivan says we have no indication his company’s servers have been compromised. Apple, Amazon and Twitter did not immediately respond to a request for comment.

© 2021 Canadian Press

https://globalnews.ca/news/8442925/software-vulnerability-internet-log4shell/ ‘The internet is on fire’: Software vulnerability sparks scramble to stop growing threat – National

TaraSubramaniam

Daily Nation Today is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@dailynationtoday.com. The content will be deleted within 24 hours.

Related Articles

Back to top button