Log4j is programming code written in the Java computer language and created by volunteers within the Apache Software Foundation to run across a handful of platforms: Apple's macOS, Windows and Linux. The free, open-source software creates a built-in "log" or record of activity - like a diary - that software developers can use to troubleshoot problems or track data within their programs. Its utility and the fact that it is free have spread the "logging library" to all corners of the internet, according to cybersecurity experts.

"Logging is critical in everything we do. Because this library is used by most web services in the world, it means that most web services are vulnerable to attack," said Sergio Caltagirone, vice president of threat intelligence at top cybersecurity firm Dragos.

According to cybersecurity researchers, the flaw leaves a laundry list of critical infrastructure functions like power, energy, food, communications, critical manufacturing and water ripe for a possible intrusion.

DHS Secretary Alejandro Mayorkas, whose department oversees CISA, called Log4j "omnipresent" during a cybersecurity panel Thursday. "The challenge it presents is its prevalence," Mayorkas said.

"This could mean entire e-commerce sites go down during the Christmas holiday. It could mean that entire manufacturers could not be able to ship or receive goods," Caltagirone added. "It could mean water utilities with automated and remote management systems are now vulnerable to attacks."

"This piece of code that's been found to be vulnerable exists literally across the globe," said Mark Ostrowski, head of engineering with security firm Check Point Research. "It's embedded in video games that our kids play and infrastructure like cloud products."

Ostrowski noted that the Log4j programming code has been downloaded more than 400,000 times. "That's a big number, and who knows how many times it's even been used as part of those downloads?"

Apache Software Foundation's group of volunteers were alerted on November 24 to the vulnerability, after a member of Alibaba's cloud security team discovered it.

But late last week, an unusual warning sent shockwaves through the cybersecurity community after makers of the sandbox video game Minecraft shared the vulnerability in a blog post, alerting gamers that hackers had identified a flaw in their game that they could use to infiltrate their computers.