Cybersecurity experts are sounding the alarm on a critical flaw detected in the widely used Java-based software, Log4j, declaring a huge portion of the internet at serious risk, according to CNN.
The “vulnerability,” as the glitch is being referred to, has industry giants, such as Apple’s cloud computing service, security firm Cloudflare and Minecraft, operating in emergency mode to find a solution since the flaw was discovered last week.
The head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, described it as “one of the most serious flaws” she has witnessed in her career. She also warned that “a growing set” of hackers are currently attempting to exploit the flaw.
“This is a ticking time bomb for companies.” – CEO of cybersecurity firm TrustedSec, David Kennedy
On Tuesday, more than 100 hacking attempts were detected every minute, according to the cybersecurity firm Check Point.
The Apache Software Foundation, the nonprofit that developed Log4j, released a security fix for organizations to apply.
What is Log4j and Why is This Important?
Log4j, one of the most popular online logging libraries, gives software developers a way to build a log of activity, which is used for a variety of purposes, including troubleshooting, auditing and data tracking. Because it is open source and free of charge, the library is found across the entire internet.
The Chief Research Officer at the cybersecurity firm Veracode, Chris Eng, told CNN Business, “It’s ubiquitous. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open source libraries you use depends on Log4j.”
The software is present in the most widely used mobile applications and websites, with companies like Apple, IBM, Oracle, Cisco, Google and Amazon running the software, putting millions of devices across the globe at risk.
What is exceptionally worrying is that hackers can gain access to one of those companies’ computer servers and networks, and it is very hard to determine whether or not the system has been compromised.
While the pressure and risk mainly concern companies, individuals are advised to continue updating devices, software and mobile applications whenever updates are made available.