Arab Press

بالشعب و للشعب
Thursday, Mar 28, 2024

Log4j software flaw 'endemic,' new cyber safety panel says

Log4j software flaw 'endemic,' new cyber safety panel says

A computer vulnerability discovered last year in a ubiquitous piece of software is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity panel created by President Joe Biden.
The Cyber Safety Review Board said in a report Thursday that while there hasn’t been sign of any major cyberattack due to the Log4j flaw, it will still “be exploited for years to come.”

“Log4j is one of the most serious software vulnerabilities in history,” the board’s chairman, Department of Homeland Security Under Secretary Rob Silvers, told reporters Wednesday.

The Log4j flaw, made public late last year, lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. The first obvious signs of the flaw’s exploitation appeared in Minecraft, a hugely popular online game owned by Microsoft.

The flaw’s discovery prompted urgent warnings by government officials and massive efforts by cybersecurity professionals to patch vulnerable systems.

The board said Thursday that “somewhat surprisingly” the exploitation of the Log4j bug had occurred at lower levels than experts predicted. The board also said that it was unaware of any “significant” Log4j attacks on critical infrastructure systems but noted that some cyberattacks go unreported.

The board said future attacks are likely in large part because Log4j is routinely embedded with other software and can be hard for organizations to find running in their systems.

“This event is not over,” Silvers said.

Log4j, written in the Java programming language, logs user activity on computers. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely popular with commercial software developers.

A security researcher at the Chinese tech giant Alibaba notified the foundation on Nov. 24. It took two weeks to develop and release a fix. Chinese media reported that the government punished Alibaba for not reporting the flaw earlier to state officials.

The board said Thursday it found “troubling elements” with the Chinese government’s policy toward vulnerability disclosures, saying it could give Chinese state hackers an early look at computer flaws they could use for nefarious means like stealing trade secrets or spying on dissidents. The Chinese government has long denied wrongdoing in cyberspace and told the board that it encourages improved information sharing on software vulnerabilities.

The board offered a number of recommendations on mitigating the fallout of the Log4j flaw as well as improving cybersecurity generally. That includes the suggestion that universities and community colleges make cybersecurity training a required part of computer science degree and certification programs.

The Cyber Safety Review Board is modeled after the National Transportation Safety Board, which reviews plane crashes and other major accidents, and was mandated by an executive order Biden signed last May. The 15-member board is made up of FBI, National Security Agency and other government officials as well as people from the private sector. Some supporters of the new board criticized DHS for taking so long to get it up and running.

Biden’s executive order directed the board to conduct its first review on the massive Russian cyber espionage campaign known as SolarWinds. Russian hackers were able to breach several federal agencies, including accounts belonging to top cybersecurity officials at DHS, though the full fallout from that campaign is still unclear.

Silvers said DHS and the White House agreed that reviewing the Log4j flaw was a better use of the new board’s expertise and time.
Newsletter

Related Articles

Arab Press
0:00
0:00
Close
China Criticizes US for Vetoing UN Ceasefire Resolution in Gaza
Saudi Arabia ranks first in UN index for e-government services in MENA
Israel Records 20% Drop In GDP, War In Gaza Is The Reason
Saudi Arabia's FDI Inflows Grow with New International Standards
Venture Capitals Power Up Across MENA Region
PM Modi Announces Opening Of New CBSE Office In Dubai
January Funding for MENA Startups Totals $86.5 Million
Saudi Arabia accelerates digital economy growth through Nvidia partnership
Israel unveils tunnels underneath Gaza City headquarters of UN agency for Palestinian refugees
Israel deploys new military AI in Gaza war
Egypt threatens to suspend key peace treaty if Israel pushes into Gaza border town, officials say
Saudi Arabia Warns Of A "Humanitarian Catastrophe" If Israel Moves On Rafah
US University To Shut Qatar Campus Due To "Heightened Mideast Instability"
Facebook and Instagram Ban Iran's Supreme Leader
Defense Technology Showcase Held in Riyadh
Saudi Arabia’s non-oil exports rise 2.5% to $6bn in November 2023: GASTAT
Rolls-Royce Executive Encourages Saudi Women to Tap into Their Inner 'Superhero' for Success in Defense Industry
Saudi Arabia launches National Academy of Vehicles and Cars
Saudi Tourism Minister Reveals Plan for 250,000 New Hotel Rooms by 2030
SAR to more than double eastern network passenger capacity with new trains deal
Saudi Arabia Enhances National Defense with New Partnerships
Saudi Aramco Maintains Arab Light Crude Pricing to Asia for March
NEOM Establishes New York Office to Support Investors
Saudi Wealth Fund Draws in Over $25 Billion Worth of Investments in Three Years, Al-Rumayyan Reveals
The Saudi Kingdom's Ultimatum to Israel: A Win-Win Peace with Saudi Arabia and the Arab World, or a Lose-Lose Continued Occupation and Endless Conflict
Biden condemns anti-Arab hate after WSJ opinion piece calls Dearborn ‘jihad capital’
Turkey Releases Seven Hostages Captured by Pro-Gaza Gunman
Arab Parliament Commends Women's Contributions to Societal Development
British and Hungarian Foreign Ministers visited Lebanese leaders to stress the importance of enacting UN Resolution 1701
Yemen's Houthis Say They Targeted British Merchant Vessel In Red Sea
Donald Trump Nominated for Nobel Peace Prize for 'Historic' Middle East Policy
US lawmakers approve F-16 jet sale to Turkey following NATO expansion support
Saudi Arabia Climbs 25 Places in World Bank's National Statistics Indicator
Tourism Growth in Saudi Arabia Fuels Advancements in the Hospitality Industry," Says Rotana Official
Houthi Rebels Request Departure of UN Staff from Yemen, Including US and UK Personnel, within a Month
Modi Inaugurates Hindu Temple on Site of Demolished Mosque in India
Over 25,000 Deaths in Gaza Amid Israeli Offensive
Escalating Clashes in Gaza as Israel Distributes Leaflets to Assist in Locating Hostages
Turkey's First Astronaut Set to Launch for International Space Station Today
Head of Palestinian Investment Fund Warns More People May Die of Hunger Than War in Gaza
Palestinian Envoy Criticizes UK for Alleged 'Double Standards' in Policies Toward Israel
Morocco to Lead UN Human Rights Council in 2024
Is artificial intelligence the solution to cyber security threats?
Egypt has been identified as the leading military force among Arab nations and ranks 15th globally
The AI Revolution in the Workforce: CEOs at Davos Predict Major Job Cuts in 2024
Iranian Nobel Laureate Narges Mohammadi Receives Additional Prison Sentence
"Gazans Urge Israeli Forces to Target Hamas in Leaked Audio"
Biden States US and UK Airstrikes on Houthis Were a 'Defensive Action
Large Pro-Palestine Rally in London as Gaza Conflict Hits Day 100
South Africa Urges World Court to Halt Israeli Actions in Gaza
×