Security experts from around the world competed on Friday to patch one of the worst computer vulnerabilities discovered in several years. Critical vulnerabilities in open source code used in cloud services and enterprise software by industry and government are widespread.
“It’s hard to imagine a company that isn’t at risk,” said Joe Sullivan, Cloudflare’s chief security officer. The company’s online infrastructure protects websites from malicious attackers. Millions of servers have it installed, and experts say the fallout will be unknown for several days.
I say. “We have been fully armed for the past 12 hours.” The vulnerability in the Apache Software Foundation module was discovered by the Chinese technology giant Alibaba on November 24, the Foundation announced. Myers expected the computer emergency team to spend a busy weekend identifying all of the affected machines. The hunt becomes even more difficult as the affected software may be found in third-party programs. Exploitation of the bug is very popular with children and appears to have been first discovered in Minecraft, an online game from Microsoft. Myers and security expert Marcus Hutchins said Minecraft users are already using it to run programs on other users’ computers by pasting a short message in the chat box. Rice field.
The Computer Emergency Team in New Zealand was one of the first to report a bug in a Java utility for Apache servers, log user activity hours after it was released, and release a patch on Thursday. It was abused.
A vulnerability called “Log4Shell” was rated on a scale of 1 to 10, with 10 being the worst. Anyone with this exploit has full access to the unpatched machine. “The internet is on fire now. People try to install patches, script kiddies, and people of all kinds try to use them, ”said Adam Meyers, senior vice president of intelligence at cybersecurity firm Crowdstrike.
Microsoft has released a software update for Minecraft users that says “Customers who apply the fix are protected”. 4,444 researchers reported finding evidence that the vulnerability could be exploited on servers from companies like Apple, Amazon, Twitter, and Cloudflare. Cloudflare’s Sullivan said there was no evidence that his company’s servers were compromised. Apple, Amazon and Twitter did not immediately respond to requests for comment.
Summary of the news:
- Global competition is under way to fix serious computer errors
- Check out all the news and articles on the latest security updates.