{"id":383836,"date":"2021-12-21T01:28:34","date_gmt":"2021-12-20T22:28:34","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/why-is-the-log4j-cybersecurity-flaw-the-most-serious-in-decades\/"},"modified":"2021-12-21T01:28:34","modified_gmt":"2021-12-20T22:28:34","slug":"why-is-the-log4j-cybersecurity-flaw-the-most-serious-in-decades","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/why-is-the-log4j-cybersecurity-flaw-the-most-serious-in-decades\/","title":{"rendered":"#Why is the Log4j cybersecurity flaw the &#8216;most serious&#8217; in decades?"},"content":{"rendered":"<p>&#8220;<strong>#Why is the Log4j cybersecurity flaw the &#8216;most serious&#8217; in decades?<\/strong>&#8221;<\/p>\n<div>\n<aside class=\"single__inline-module alignleft\">\n<\/aside>\n<p>A newly discovered cybersecurity flaw is affecting vast swaths the internet from Google and Amazon to the systems used to run militaries and hospitals, with US Homeland Security\u2019s top cybersecurity official calling it the most serious vulnerability in decades.\u00a0<\/p>\n<p>The flaw is present within a popular piece of software called Log4j, which is part of the ubiquitous programming language Java. Log4j is used by millions of websites and <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>s \u2014 and the software\u2019s flaw potentially allows hackers to take control of systems by typing a simple line of code, according to cybersecurity experts.\u00a0<\/p>\n<p>\u201cThe log4j vulnerability is the most serious vulnerability I have seen in my decades-long career,\u201d Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cnbc.com\/video\/2021\/12\/16\/cisa-director-says-the-log4j-security-flaw-is-the-most-serious-shes-seen-in-her-career.html\">said Thursday on CNBC<\/a>.\u00a0<\/p>\n<p>Most hacking attempts using Log4j so far have involved attackers trying to install cryptocurrency \u201cmining\u201d software on victims\u2019 computers. However, an Iranian hacking group called \u201cCharming Kitten\u201d has also tried to use the vulnerability to breach government agencies and businesses in Israel, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/blog.checkpoint.com\/2021\/12\/11\/protecting-against-cve-2021-44228-apache-log4j2-versions-2-14-1\/\">according to the cybersecurity company Check Point<\/a>.\u00a0<\/p>\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"682\" src=\"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-02.jpg?quality=90&amp;strip=all&amp;w=1024\" alt=\"A hacker\" class=\"wp-image-20559724\" srcset=\"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-02.jpg?quality=90&amp;strip=all&amp;w=1535 1536w, https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-02.jpg?quality=90&amp;strip=all 1024w, https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-02.jpg?quality=90&amp;strip=all&amp;w=512 512w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"\/><figcaption>\u201cThe log4j vulnerability is the most serious vulnerability I have seen in my decades-long career,\u201d Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, said. <\/figcaption><figcaption><span class=\"credit\">Getty Images<\/span><\/figcaption><\/figure>\n<p>The Log4j flaw is more serious than other cybersecurity flaws because of its \u201cubiquity, simplicity and complexity,\u201d according to Easterly.<\/p>\n<p>\u201cIt is a piece of software, open source, that\u2019s in millions of devices from video <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a>s to hospital equipment to industrial control systems to cloud services,\u201d the cybersecurity official said.<\/p>\n<p>\u201cIt is trivial to exploit,\u201d she added. \u201cAnd it takes a very focused effort to be able to find and to fix the vulnerability.\u201d\u00a0<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"embed-wrapper twitter\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\u201cThe Log4j vulnerability is the most serious vulnerability that I have seen in my decades-long career,\u201d CISA Director Jen Easterly tells <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/EamonJavers?ref_src=twsrc%5Etfw\">@EamonJavers<\/a> in an exclusive interview. \u201cEveryone should assume that they are exposed and vulnerable.\u201d <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/AJfaTuZ8FE\">pic.twitter.com\/AJfaTuZ8FE<\/a><\/p>\n<p>\u2014 CNBC (@CNBC) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CNBC\/status\/1471532296905887749?ref_src=twsrc%5Etfw\">December 16, 2021<\/a><\/p><\/blockquote>\n<\/div>\n<\/div>\n<\/figure>\n<p>While there\u2019s little that individual internet users can do to protect themselves, government agencies and tech companies alike are scrambling to fix the vulnerability.\u00a0<\/p>\n<p>The Cybersecurity and Infrastructure Security Agency published an <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cisa.gov\/news\/2021\/12\/17\/cisa-issues-emergency-directive-requiring-federal-agencies-mitigate-apache-log4j\">emergency directive<\/a> on Friday urging all government agencies to im<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>tely \u201cpatch\u201d computer systems to address the Log4j flaw.\u00a0<\/p>\n<p>Google, meanwhile, has more than 500 engineers combing through the company\u2019s code to make sure it\u2019s safe, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/technology\/2021\/12\/20\/log4j-hack-vulnerability-java\/?outputType=amp#LSWMB3XKYRALRAPBVQHPTFUQSI\">the Washington Post reported<\/a>.\u00a0<\/p>\n<figure class=\"wp-block-image size-large is-style-default\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"682\" src=\"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-01.jpg?quality=90&amp;strip=all&amp;w=1024\" alt=\"Apache Log4j vulnerability guidance \" class=\"wp-image-20559788\" srcset=\"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-01.jpg?quality=90&amp;strip=all&amp;w=1535 1536w, https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-01.jpg?quality=90&amp;strip=all 1024w, https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-01.jpg?quality=90&amp;strip=all&amp;w=512 512w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"\/><figcaption>Government agencies are scrambling to address the vulnerability.<\/figcaption><figcaption><span class=\"credit\">AP<\/span><\/figcaption><\/figure>\n<p>Asaf Ashkenazi, chief operating officer of security company Verimatrix, told the paper that coders across tech companies have been clocking excessive hours since the Log4j issue was first made public on Dec. 9.\u00a0<\/p>\n<p>\u201cSome of the people didn\u2019t see sleep for a long time, or they sleep like three hours, four hours and wake back up,\u201d Ashkenazi told the Washington Post. \u201cWe were working around-the-clock. It\u2019s a nightmare since it was out. It\u2019s still a nightmare.\u201d<\/p>\n<p>Even the Microsoft-owned online video game Minecraft has been affected. Some hackers were apparently able to breach victims by typing a single line of code into the game\u2019s chat box, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.wired.com\/story\/log4j-flaw-hacking-internet\/\">according to Wired<\/a>. Microsoft says it has since fixed the issue and is <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.minecraft.net\/en-us\/article\/important-message--security-vulnerability-java-edition\">urging players to update their Minecraft software<\/a>. <\/p>\n<p>On Monday, Belgium\u2019s defense ministry was forced to shut down parts of its computer network after hackers triggered the Log4j vulnerability, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.wsj.com\/articles\/hackers-exploit-log4j-flaw-at-belgian-defense-ministry-11640020439\">the Wall Street Journal reported<\/a>. The ministry did not provide details on the breach.\u00a0<\/p>\n<figure class=\"wp-block-image size-large is-style-default\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"682\" src=\"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-03.jpg?quality=90&amp;strip=all&amp;w=1024\" alt=\"Hacker\" class=\"wp-image-20559798\" srcset=\"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-03.jpg?quality=90&amp;strip=all&amp;w=1535 1536w, https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-03.jpg?quality=90&amp;strip=all 1024w, https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-03.jpg?quality=90&amp;strip=all&amp;w=512 512w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"\/><figcaption>Most hacking attempts have reportedly involved attackers trying to install cryptocurrency mining software on victims\u2019 computers.  <\/figcaption><figcaption><span class=\"credit\">Getty Images<\/span><\/figcaption><\/figure>\n<\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/news\/\" target=\"_blank\" rel=\"noopener\">News category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/nypost.com\/2021\/12\/20\/why-is-the-log4j-cybersecurity-flaw-the-most-serious-in-decades\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Why is the Log4j cybersecurity flaw the &#8216;most serious&#8217; in decades?&#8221; A newly discovered cybersecurity flaw is affecting vast swaths the internet from Google and Amazon to the systems used to run militaries and hospitals, with US Homeland Security\u2019s top cybersecurity official calling it the most serious vulnerability in decades.\u00a0 The flaw is present within&#8230;<\/p>\n","protected":false},"author":1,"featured_media":383837,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2021\/12\/log4j-cybersecurity-problem-02.jpg?quality=90&strip=all&w=1024","fifu_image_alt":"","footnotes":""},"categories":[70897],"tags":[122227,2758,76127,70375,26293,70944,70513],"class_list":["post-383836","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-12-20-21","tag-amazon","tag-cryptocurrency","tag-cybersecurity","tag-google","tag-hackers","tag-hacking"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/383836","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=383836"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/383836\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/383837"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=383836"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=383836"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=383836"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}