Experts are calling for fixes to a flaw in the Log4j software that could be the most serious in recent memory. The defect can give hackers unfettered access to computer systems. An urgent warning from the U.S. government's cybersecurity agency put pressure on major global corporations to fix their software.
According to Bloomberg News, Cisco Inc. and Microsoft Inc. published advisories about the software flaws, which the developers fixed last week. But the real solution depends on the thousands of companies that have already installed the software fixing it before it is exploited.
Charles Carmakal, CTO at the cybersecurity firm Mandiant Inc., said that it was the worst security vulnerability in the past ten years. Many large companies have requested the firm's help in the last few days.
The Apache Software Foundation, the non-profit that maintains Log4j, confirmed that the cloud security team of Alibaba Group discovered the flaw in the software. Hackers can take over systems by exploiting the vulnerability. Updating and patching the software is a painstaking process because the faulty code is baked into many other software products.
Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said in a statement Friday that the vulnerability poses a severe threat. Vendors should immediately identify and patch the array of products using this software.
The flaw in the Java-based Log4j software is likely to affect several products of VMware Inc., a maker of virtual computer software.
Amit Yoran, CEO of Tenable Inc., said that the Log4j software is widely used, and that customers using Tenable's software vulnerability scanning product are reporting three affected systems every second.
Easterly said that CISA is taking urgent action to drive mitigation of the vulnerability and to detect any threat associated with it. As of Saturday, the agency had not found any compromise of federal systems.