A flaw in widely used computer code is prompting 100 new hacking attempts every minute, a security company says.<\/p>\n\n\n\n
Check Point said it had seen attempts to exploit the vulnerability on over 40% of corporate networks globally.<\/p>\n\n\n\n
One US official said the security flaw, Log4shell, posed a “severe risk”, with companies warning it was being actively used by criminal groups.<\/p>\n\n\n\n
Fixes have been issued but need to be implemented. Popular applications and cloud services have been affected.<\/p>\n\n\n\n
‘Specific address’
\nWritten in the programming language Java, Log4J, the code containing the flaw, is used by millions of computers running online services.<\/p>\n\n\n\n
In the last four months it had been downloaded 84 million times from the largest public repository of open-source Java components, Brian Fox of security company Sonatype, said.<\/p>\n\n\n\n
And the ease with which hackers could exploit the vulnerability was, “akin to someone figuring out that mailing a letter into your postbox, with a specific address written on it, allows them to open all your doors in your house”.<\/p>\n\n\n\n
Words such as “critical” and “emergency” are often bandied around by cyber-security people when a major flaw is discovered.<\/p>\n\n\n\n
But in this crisis, another word has stuck out – “trivial”.<\/p>\n\n\n\n
According to Crowdstrike, the weakness everyone is trying to fix is “trivial” to exploit.<\/p>\n\n\n\n
Often when a vulnerability is found in a computer system, there is a little bit of time to fix it.<\/p>\n\n\n\n
The cyber-criminals have to work out a way to attack and usually only the smartest crews can do so in the first few hours.<\/p>\n\n\n\n
But in this case, it is, apparently, very easy.<\/p>\n\n\n\n
We do not yet know how many of these attempted attacks are successful – but this incident has the potential to be extremely costly for corporations that become victims.<\/p>\n\n\n\n
For the average person, there is not a lot we can do.<\/p>\n\n\n\n
Make sure your apps and software are up to date – and send thoughts, prayers and hugs to the IT teams around the world trying to fix this problem.<\/p>\n\n\n\n
2px presentational grey line
\nResearchers at Chinese technology company Alibaba discovered the flaw last month.<\/p>\n\n\n\n
But it gained widespread public attention after being found affecting some sites hosting versions of Minecraft using Java.<\/p>\n\n\n\n
Before the flaw was made public, the Apache Software Foundation, which oversees the Log4j code, issued a fix for the problem, rating the problem a “10” – the highest level of seriousness.<\/p>\n\n\n\n
Cloudflare chief technology officer John Graham-Cumming told the Verge he had seen two only two other issues of similar severity in the past 10 years.<\/p>\n\n\n\n
‘Urgent challenge’
\nUS Cybersecurity and Infrastructure Security Agency director Jen Easterly also stressed the urgency of the situation.<\/p>\n\n\n\n
“To be clear, this vulnerability poses a severe risk,” she wrote.<\/p>\n\n\n\n
It was being widely exploited by hackers and “presents an urgent challenge to network defenders given its broad use”.<\/p>\n\n\n\n
Microsoft researchers said they had seen hackers using Log4shell to:<\/p>\n\n\n\n
install malicious software that mined crypto-currency
\nsteal passwords and log-ins
\nextract data from compromised systems<\/p>\n","protected":false},"excerpt":{"rendered":"
A flaw in widely used computer code is prompting 100 new hacking attempts every minute, a security company says. Check Point said it had seen attempts to exploit the vulnerability on over 40% of corporate networks globally. One US official said the security flaw, Log4shell, posed a “severe risk”, with companies warning it was being … Continue reading “Flaw prompts 100 hack attacks a minute, security company says”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3623","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts\/3623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/comments?post=3623"}],"version-history":[{"count":1,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts\/3623\/revisions"}],"predecessor-version":[{"id":3624,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/posts\/3623\/revisions\/3624"}],"wp:attachment":[{"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/media?parent=3623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/categories?post=3623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tech-battery.com\/batteriesblog\/wp-json\/wp\/v2\/tags?post=3623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}