According to a new cybersecurity group established by President Joe Biden, a computer vulnerability found in a widely used piece of software last year is an “endemic” issue that might pose security hazards for up to ten years.
According to a new cybersecurity group established by President Joe Biden, a computer vulnerability found in a widely used piece of software last year is an “endemic” issue that might pose security threats for a decade or more.
In a report released on Thursday, the Cyber Safety Review Board stated that even though there haven’t been any indications of a significant cyberattack caused by the Log4j bug, it will “continue to be exploited for years to come.”
According to the board’s head, Department of Homeland Security Under Secretary Rob Silvers, “Log4j is one of the most significant software vulnerabilities in history.”
The Log4j bug, which was made public late last year, makes it simple for internet-based attackers to take control of anything, from consumer gadgets to web servers and industrial control systems. The massively popular online game Minecraft, which is owned by Microsoft, showed the first clear indications of the flaw’s exploitation.
Government officials issued urgent advisories in response to the flaw’s disclosure, and cybersecurity experts worked tirelessly to fix susceptible systems.
The board noted on Thursday that it was “slightly surprising” that the Log4j problem had been exploited to a lesser extent than experts had anticipated. While noting that some cyberattacks go unreported, the board added that it was not aware of any “major” Log4j attacks on critical infrastructure systems.
The board stated that the likelihood of future assaults is increased in large part as a result of Log4j’s frequent integration with other programs and its potential difficulty in detection by enterprises.
Silvers replied, “This thing is not over.
Computer user activity is logged using the Java programming language’s Log4j. It is incredibly well-liked by developers of commercial software and is created and maintained by a small group of volunteers under the guidance of the open-source Apache Software Foundation.
On November 24, the foundation received a notification from an Alibaba security researcher. A fix was developed and released after two weeks. According to Chinese media, Alibaba was penalized by the government for failing to notify state officials of the problem sooner.
The board declared on Thursday that it had discovered “troubling elements” in the Chinese government’s approach to vulnerability disclosures, claiming that it might allow Chinese state hackers to get a head start on discovering computer flaws they could use for nefarious purposes like stealing trade secrets or surveilling dissidents. Long denying misconduct in cyberspace, the Chinese government recently informed the board that it supports increased information sharing on software vulnerabilities.
The board made many suggestions for limiting the effects of the Log4j bug as well as enhancing cybersecurity in general. This includes the recommendation that cybersecurity instruction is made a prerequisite for computer science degrees and certification programs at universities and community institutions.
An executive order issued by Biden in May of last year established the Cyber Safety Review Board, which was fashioned after the National Transportation Safety Board, which investigates fatal plane crashes and other significant mishaps. The FBI, National Security Agency, and other government authorities, as well as members of the corporate sector, make up the board’s fifteen members. Some of the new board’s backers lambasted DHS for taking so long to establish it.
The board was instructed by Biden’s executive order to evaluate the extensive Russian cyber espionage operation known as SolarWinds. Although the full impact of that campaign is still unknown, Russian hackers were successful in breaking into accounts belonging to top cybersecurity officials at DHS and other federal agencies.
According to Silvers, the White House and DHS concurred that using the new board’s knowledge and time more efficiently would involve looking into the Log4j problem.
#businessrelatedarticles #businesssection #timesbusiness
Read more Business News , Today Politics Headline , Today Finace News Update ,Latest Social News Update , World Highlight , Entertainment Latest News , Today Sports News Update , Latest Education Update , Real Estate Today Update