Major Companies Rush to Fix Log4j Software from Hacker Attacks

Allows Open Access to Hackers

It should be noted that this is the new "big question" for cyber applications. Make sure your CIO, or whoever fills that role, knows what this flaw is and how they are protecting you from it.

From our friends at the Insurance Journal...

By Jack Gillum | December 13, 2021

Major global companies are facing pressure to fix what experts are calling one of the most serious software flaws in recent memory.

The flaw in the Log4j software could allow hackers unfettered access to computer systems and has prompted an urgent warning by the U.S. government’s cybersecurity agency.

Microsoft Corp. and Cisco Inc. have published advisories about the flaw, and software developers released a fix late last week. But a solution depends on thousands of companies putting the fix in place before it is exploited.

“This is probably the worst security vulnerability in at least the last 10 years — maybe longer,” said Charles Carmakal, the chief technology officer for cybersecurity firm Mandiant Inc. He said Mandiant received requests from several major companies in the last few days for help.

Alibaba Group’s cloud-security team recently discovered the flaw, according to the nonprofit Apache Software Foundation, which maintains Log4j.

The vulnerability effectively allows hackers to take control of a system. Because the faulty computer code is baked into software of all sorts, updating it is a painstaking process.

“To be clear, this vulnerability poses a severe risk,” Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, said in a statement Friday. Vendors “must immediately identify, mitigate, and patch the wide array of products using this software,” she said.

VMware Inc., which makes computer-virtualization software, said Thursday that several of its products were likely affected by the flaw in the Java-based Log4j.

Amit Yoran, the CEO of Tenable Inc., which makes widely used vulnerability-scanning software, said the Log4j flaw is so ubiquitous that, among customers running Tenable’s scanning products, at least three systems a second are reporting they’re affected.

“We are taking urgent action to drive mitigation of this vulnerability and detect any associated threat activity,” Easterly said, adding that CISA has cataloged the vulnerability — requiring U.S. federal civilian agencies to fix it promptly. As of Saturday, the agency hasn’t identified compromises in federal systems.

