English 
Francês 
Alemão 
Italiano 
Japonês 
Norueguês 
Portuguese 
Spanish 
3 min of reading 
Security Technicians Are Working to Fix a Widespread Software Flaw That Could Trigger Cyberattacks
Cybersecurity officials at major technology companies are working tirelessly to fix a software flaw that could lead to new cyberattacks in a commonly used software. The bug in an obscure server called Log4j has prompted investigations into the impact of the issue on the site of Amazon.com, Twitter, Microsoft, and Cisco Systems, according to the companies.
Check Also:
- Petrobras reportedyesterday (12/13) that it had to halt gas production at the Manati field in Bahia
- Petrobras reported yesterday (12/13) that it received authorization for operational tests at the GasLub Pole in Itaboraí
- Startups are heating up the job market with over 275 job openings in-person and remote, for elementary, high school, vocational, and higher education
Amazon, the leading company in cloud computing worldwide, issued the following statement: “We are actively monitoring this issue and working to resolve it.” The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security warned on Friday about the vulnerability and urged companies to take action.
“To be clear, this vulnerability poses a serious risk. We will only mitigate potential impacts through collaborative efforts between the government and the private sector,” said CISA Director Jen Easterly.
-
Chinese giant worth nearly R$ 4 billion that manufactures cables for electric cars, solar energy, and robotics wants to open a factory in SC.
-
Many employers do not know, but the law guarantees domestic workers a 25% increase in salary during trips, 50% for overtime, 20% for night shifts, and 17 additional benefits that can lead to labor lawsuits if not paid.
-
Gasoline prices soar and the question arises: is ethanol more advantageous? The 70% rule reveals the limit with gasoline.
-
The government has made a decision and is starting a test with more ethanol in gasoline, anticipating a mixture of up to 35%, diesel with 25% biodiesel, and a study to assess the impacts on engines.
Software Providers Are Working on Fixes
Software providers that include Log4j in their products, such as Red Hat, Oracle, and VMware of International Business Machines, have reported that they are working on fixes. Since the bug is easily accessible and the attacks are difficult to contain, the Log4j vulnerability could be exploited by hackers in the coming years to breach corporate systems, according to Aaron Portnoy, Chief Scientist at the security company Randori. “It’s one of the most significant vulnerabilities I’ve seen in a long time,” he stated.
The issue allows hackers to turn log files, an algorithm that tracks user actions in the system, into malicious activities that force computers to download unauthorized software, creating a backdoor in the victims’ systems.
Software Downloaded Millions of Times
The harm was reported to the Log4j development team, a group of volunteer programmers who distribute free software, last month, according to Ralph Goers (one of them). As Log4j is provided for free, it’s unclear how many servers have been affected by the issue, but the logging software has been downloaded millions of times, the programmer stated.
The hackers’ initial attempt to exploit the bug was aimed at accessing servers running Microsoft’s Minecraft software, according to researchers. However, it later became apparent that there was widespread scanning and attempts to exploit the Log4j bug.
Microsoft issued a notice advising Minecraft players to update the system to fix the bug.
Cisco is searching for the Log4j bug in more than 150 products. So far, vulnerabilities have been found in three products, while 23 have been declared not vulnerable by a company spokesperson.
Seja o primeiro a reagir!