

“I think what’s going to happen is it’s going to take two weeks before the effect of this is seen because hackers got into organizations and will be figuring out what to do next,” said John Graham-Cumming, chief technical officer of Cloudflare, whose online infrastructure protects websites from online threats. But experts say that’s probably just a matter of time. It said the flaw was exploited to plant cryptocurrency mining malware - which uses computer cycles to mine digital money surreptitiously - in five countries.

As yet, no successful ransomware infections leveraging the flaw have been detected. The cybersecurity firm Check Point said Tuesday it detected more than half a million attempts by known malicious actors to identify the flaw on corporate networks across the globe. “A lot of people are already pretty stressed out and pretty tired from working through the weekend - when we are really going to be dealing with this for the foreseeable future, pretty well into 2022,” said Joe Slowik, threat intelligence lead at the network security firm Gigamon. A frantic weekend of trying to identify - and slam shut - open doors before hackers exploited them now shifts to a marathon. That will mean weeks of active monitoring. It took two weeks to develop and release a fix.

Beyond patching to fix the flaw, computer security pros have an even more daunting challenge: trying to detect whether the vulnerability was exploited - whether a network or device was hacked.
“We expect remediation will take some time,” he said.

Apache Software Foundation said the Chinese tech giant Alibaba notified it of the flaw on Nov. Log4j is often embedded in third-party programs that need to be updated by their owners. Goldstein told reporters in a conference call Tuesday evening that CISA would be updating an inventory of patched software as fixes become available. It runs across many platforms - Windows, Linux, Apple’s macOS - powering everything from web cams to car navigation systems and medical devices, according to the security firm Bitdefender. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely popular with commercial software developers. The affected software, written in the Java programming language, logs user activity on computers. “What we have here is an extremely widespread, easy to exploit and potentially highly damaging vulnerability that certainly could be utilized by adversaries to cause real harm,” he said.

A SMALL PIECE OF CODE, A WORLD OF TROUBLE

He said no federal agencies were known to have been compromised. “I think we won’t see a single major software vendor in the world - at least on the industrial side - not have a problem with this,” said Sergio Caltagirone, the company’s vice president of threat intelligence.

Eric Goldstein, who heads CISA's cybersecurity division, said Washington was leading a global response. A wide swath of critical industries, including electric power, water, food and beverage, manufacturing and transportation, were exposed, said Dragos, a leading industrial control cybersecurity firm.
