The vulnerability was found in software known as “Log4j” which is commonly used by some of the world’s biggest tech firms to log information on their applications. This security flaw allows easy access to an organization’s server. From there, a hacker can easily break into an organization’s network.
Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency said:
This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious. We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents.
Cybersecurity experts have said that it could take weeks to address the vulnerability and suspected Chinese hackers are already attempting to exploit it.
The creator of Log4j software, The Apache Software Foundation, has released a security fix for organizations to apply. Major companies including Amazon and IBM are already working on addressing the bug in their products.
Tags:
technews