Arab Press

بالشعب و للشعب
Monday, Jun 30, 2025

Log4j software flaw 'endemic,' new cyber safety panel says

Log4j software flaw 'endemic,' new cyber safety panel says

A computer vulnerability discovered last year in a ubiquitous piece of software is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity panel created by President Joe Biden.
The Cyber Safety Review Board said in a report Thursday that while there hasn’t been sign of any major cyberattack due to the Log4j flaw, it will still “be exploited for years to come.”

“Log4j is one of the most serious software vulnerabilities in history,” the board’s chairman, Department of Homeland Security Under Secretary Rob Silvers, told reporters Wednesday.

The Log4j flaw, made public late last year, lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. The first obvious signs of the flaw’s exploitation appeared in Minecraft, a hugely popular online game owned by Microsoft.

The flaw’s discovery prompted urgent warnings by government officials and massive efforts by cybersecurity professionals to patch vulnerable systems.

The board said Thursday that “somewhat surprisingly” the exploitation of the Log4j bug had occurred at lower levels than experts predicted. The board also said that it was unaware of any “significant” Log4j attacks on critical infrastructure systems but noted that some cyberattacks go unreported.

The board said future attacks are likely in large part because Log4j is routinely embedded with other software and can be hard for organizations to find running in their systems.

“This event is not over,” Silvers said.

Log4j, written in the Java programming language, logs user activity on computers. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely popular with commercial software developers.

A security researcher at the Chinese tech giant Alibaba notified the foundation on Nov. 24. It took two weeks to develop and release a fix. Chinese media reported that the government punished Alibaba for not reporting the flaw earlier to state officials.

The board said Thursday it found “troubling elements” with the Chinese government’s policy toward vulnerability disclosures, saying it could give Chinese state hackers an early look at computer flaws they could use for nefarious means like stealing trade secrets or spying on dissidents. The Chinese government has long denied wrongdoing in cyberspace and told the board that it encourages improved information sharing on software vulnerabilities.

The board offered a number of recommendations on mitigating the fallout of the Log4j flaw as well as improving cybersecurity generally. That includes the suggestion that universities and community colleges make cybersecurity training a required part of computer science degree and certification programs.

The Cyber Safety Review Board is modeled after the National Transportation Safety Board, which reviews plane crashes and other major accidents, and was mandated by an executive order Biden signed last May. The 15-member board is made up of FBI, National Security Agency and other government officials as well as people from the private sector. Some supporters of the new board criticized DHS for taking so long to get it up and running.

Biden’s executive order directed the board to conduct its first review on the massive Russian cyber espionage campaign known as SolarWinds. Russian hackers were able to breach several federal agencies, including accounts belonging to top cybersecurity officials at DHS, though the full fallout from that campaign is still unclear.

Silvers said DHS and the White House agreed that reviewing the Log4j flaw was a better use of the new board’s expertise and time.
Newsletter

Related Articles

Arab Press
0:00
0:00
Close
Robots Compete in Football Tournament in China Amid Injuries
China Unveils Miniature Insect-Like Surveillance Drone
Marc Marquez Claims Victory at Dutch Grand Prix Amidst Family Misfortune
Iran Executes Alleged Israeli Spies and Arrests Hundreds Amid Post-War Crackdown
Trump Asserts Readiness for Further Strikes on Iran Amid Nuclear Tensions
Qatar Airways Clears Backlog of Passengers Following Missile Threats
Iran's Parliament Votes to Suspend Cooperation with Nuclear Watchdog
Trump Announces Upcoming US-Iran Meeting Amid Controversial Airstrikes
Trump Moves to Reshape Middle East Following Israel-Iran Conflict
NATO Leaders Endorse Plan for Increased Defence Spending
U.S. Crude Oil Prices Drop Below $65 Amid Market Volatility
“You Have 12 Hours to Flee”: Israeli Threat Campaign Targets Surviving Iranian Officials
Oman Set to Introduce Personal Income Tax, First in Gulf
Germany and Italy Under Pressure to Repatriate $245bn of Gold from US Vaults
Trump Praises Iran’s ‘Very Weak’ Response After U.S. Strikes and Presses Israel to Pursue Peace
WATCH: Israeli forces show the aftermath of a massive airstrike at Iran's Isfahan nuclear site
We have new information and breaking details to share about what is shaping up to be a historic air campaign tonight
Six Massive Bombs Dropped on Fordow; Trump: 'A Historic Moment for the U.S., Israel, and the World'
Fordow: Deeply Buried Iranian Enrichment Site in U.S.–Israel Crosshairs
United States Conducts Precision Strikes on Iran’s Nuclear Sites
US strikes Iran nuclear sites, Trump says
Pakistan to nominate Trump for Nobel Peace Prize.
Israel Confirms Assassination of Quds Force Commander in Tehran
16 Billion Login Credentials Leaked in Unprecedented Cybersecurity Breach
Senate hearing on who was 'really running' Biden White House kicks off
G7 Leaders Fail to Reach Consensus on Key Global Issues
Mass exodus in Tehran as millions try to flee following Trump’s evacuation order
Iranian Military Officers Reportedly Seek Contact with Reza Pahlavi, Signal Intent to Defect
China's Iranian Oil Imports Face Disruption Amid Escalating Middle East Tensions
Trump Demands Iran's Unconditional Surrender Amid Escalating Conflict
Israeli Airstrike Targets Iranian State TV in Central Tehran
President Trump is leaving the G7 summit early and has ordered the National Security Council to the Situation Room
Netanyahu Signals Potential Regime Change in Iran
Analysts Warn Iran May Resort to Unconventional Warfare
Iranian Regime Faces Existential Threat Amid Conflict
Energy Infrastructure Becomes War Zone in Middle East
Iran Conducts Ballistic Missile Launches Amid Heightened Tensions with Israel
Iran Signals Openness to Nuclear Negotiations Amid Ongoing Regional Tensions
Shock Within Iran’s Leadership: Khamenei’s Failed Plan to Launch 1,000 Missiles Against Israel
UK Deploys Jets to Middle East Amid Rising Tensions
Exiled Iranian Prince Reza Pahlavi Urges Overthrow of Khamenei Regime
Wreck of $17 Billion San José Galleon Identified Off Colombia After 300 Years
Iran Launches Extensive Missile Attack on Israel Following Israeli Strikes on Nuclear Sites
Israel Issues Ultimatum to Iran Over Potential Retaliation and Nuclear Facilities
Coinbase CEO Warns Bitcoin Could Supplant US Dollar Amid Mounting National Debt
Trump to Iran: Make a Deal — Sign or Die
Operation "Like a Lion": Israel Strikes Iran in Unprecedented Offensive
Israel Launches 'Operation Rising Lion' Targeting Iranian Nuclear and Military Sites
Israeli Forces Intercept Gaza-Bound Aid Vessel Carrying Greta Thunberg
IMF Warns of Severe Global Trade War Impacts on Emerging Markets
×