Jan 10, 2022
91 Views
0 0

The latest on the Log4j vulnerability

Written by

The threat posed by the Log4j vulnerability hasn’t gone away over the holidays, with the UK’s National Health Service (NHS) issuing a warning that hackers are actively targeting the security flaw and recommending that organisations within the health service apply the necessary updates in order to protect themselves.
Affected organisations should review the VMware Horizon section of the VMware security advisory VMSA-2021-0028 and apply the relevant updates or mitigations immediately or subsequently consult the NHS Digital High Severity Cyber Alert CC-3995,” said the advisory.
In early January, the Federal Trade Commission went furtherand also shared an announcement warning that it will go after any US company that fails to protect its customers’ data against ongoing Log4J attacks.
“Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a serious vulnerability in the popular Java logging package, Log4j (CVE-2021-44228) was disclosed, posing a severe risk to millions of consumer products to enterprise software and web applications. This vulnerability is being widely exploited by a growing set of attackers,” said the FTC’s official warning.
The Log4j vulnerability is part of a broader set of structural issues. It is one of thousands of unheralded but critically important open-source services that are used across a near-innumerable variety of internet companies. These projects are often created and maintained by volunteers, who don’t always have adequate resources and personnel for incident response and proactive maintenance even as their projects are critical to the internet economy.[1] This overall dynamic is something the FTC will consider as we work to address the root issues that endanger user security,” it concluded.
In a blog published last week, cybersecurity vendor Armis stated that hackers continued to exploit Log4j over the holidays , noting a significant increase in the number of attacks detected in ICS/OT networks. The most targeted devices were virtual machines, servers and personal computers, though IP cameras, printers, mobile phones, and cameras were also subjected to attack. Dana Tamir, VP of product marketing at Armis said “We expect to see more attacks targeting organizations in 2022. And while organizations are working furiously to patch vulnerable systems, vulnerable systems will continue to exist in our environments, either because they are difficult to patch, or can’t be patched at all. This requires us to keep track of unpatched, vulnerable systems, and ensure other protections are in place to prevent exploitation. In addition, it’s important to detect threats targeting these systems in real-time, to properly respond to this threat.”
The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY
Follow Us
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
This site uses functional cookies and external scripts to improve your experience.
Privacy settings
Privacy Settings / PENDING
This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.
NOTE: These settings will only apply to the browser and device you are currently using.
GDPR Compliance

source

Article Categories:
Mobile Security

Comments are closed.