Budapest Post

Cum Deo pro Patria et Libertate
Budapest, Europe and world news

Log4j software flaw 'endemic,' new cyber safety panel says

Log4j software flaw 'endemic,' new cyber safety panel says

A computer vulnerability discovered last year in a ubiquitous piece of software is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity panel created by President Joe Biden.
The Cyber Safety Review Board said in a report Thursday that while there hasn’t been sign of any major cyberattack due to the Log4j flaw, it will still “be exploited for years to come.”

“Log4j is one of the most serious software vulnerabilities in history,” the board’s chairman, Department of Homeland Security Under Secretary Rob Silvers, told reporters Wednesday.

The Log4j flaw, made public late last year, lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. The first obvious signs of the flaw’s exploitation appeared in Minecraft, a hugely popular online game owned by Microsoft.

The flaw’s discovery prompted urgent warnings by government officials and massive efforts by cybersecurity professionals to patch vulnerable systems.

The board said Thursday that “somewhat surprisingly” the exploitation of the Log4j bug had occurred at lower levels than experts predicted. The board also said that it was unaware of any “significant” Log4j attacks on critical infrastructure systems but noted that some cyberattacks go unreported.

The board said future attacks are likely in large part because Log4j is routinely embedded with other software and can be hard for organizations to find running in their systems.

“This event is not over,” Silvers said.

Log4j, written in the Java programming language, logs user activity on computers. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely popular with commercial software developers.

A security researcher at the Chinese tech giant Alibaba notified the foundation on Nov. 24. It took two weeks to develop and release a fix. Chinese media reported that the government punished Alibaba for not reporting the flaw earlier to state officials.

The board said Thursday it found “troubling elements” with the Chinese government’s policy toward vulnerability disclosures, saying it could give Chinese state hackers an early look at computer flaws they could use for nefarious means like stealing trade secrets or spying on dissidents. The Chinese government has long denied wrongdoing in cyberspace and told the board that it encourages improved information sharing on software vulnerabilities.

The board offered a number of recommendations on mitigating the fallout of the Log4j flaw as well as improving cybersecurity generally. That includes the suggestion that universities and community colleges make cybersecurity training a required part of computer science degree and certification programs.

The Cyber Safety Review Board is modeled after the National Transportation Safety Board, which reviews plane crashes and other major accidents, and was mandated by an executive order Biden signed last May. The 15-member board is made up of FBI, National Security Agency and other government officials as well as people from the private sector. Some supporters of the new board criticized DHS for taking so long to get it up and running.

Biden’s executive order directed the board to conduct its first review on the massive Russian cyber espionage campaign known as SolarWinds. Russian hackers were able to breach several federal agencies, including accounts belonging to top cybersecurity officials at DHS, though the full fallout from that campaign is still unclear.

Silvers said DHS and the White House agreed that reviewing the Log4j flaw was a better use of the new board’s expertise and time.
AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
Newsletter

Related Articles

0:00
0:00
Close
Hungarian Prime Minister Viktor Orbán stated that Hungary will not adopt the euro because the European Union is falling apart.
Mayor in western Germany in intensive care after stabbing
Australian government pays Deloitte nearly half a million dollars for a report built on fabricated quotes, fake citations, and AI-generated nonsense.
BYD’s UK Sales Soar Nearly Nine-Fold, Making Britain Its Biggest Market Outside China
Latvia to Bar Tourist and Occasional Buses to Russia and Belarus Until 2026
Wave of Complaints Against Apple Over iPhone 17 Pro’s Scratch Sensitivity
Munich Airport Reopens After Second Drone Shutdown
Pro Europe and Anti-War Babiš Poised to Return to Power After Czech Parliamentary Vote
Sean ‘Diddy’ Combs Sentenced to Fifty Months in Prison Following Prostitution Conviction
Altman Says GPT-5 Already Outpaces Him, Warns AI Could Automate 40% of Work
Russian Research Vessel 'Yantar' Tracked Mapping Europe’s Subsea Cables, Raising Security Alarms
Global Cruise Industry Posts Dramatic Comeback with 34.6 Million Passengers in 2024
U.S. Demands Brussels Scrutinize Digital Rules to Prevent Bias Against American Tech
Private Equity’s Fundraising Surge Triggers Concern of European Market Shake-Out
Tokyo’s Jimbōchō Named World’s Coolest Neighbourhood for 2025
European Officials Fear Trump May Shift Blame for Ukraine War onto EU
The Personality Rights Challenge in India’s AI Era
Italy Considers Freezing Retirement Age at 67 to Avert Scheduled Hike
Italian City to Impose Tax on Visiting Dogs Starting in 2026
Study Finds No Safe Level of Alcohol for Dementia Risk
Trump Says Ukraine Can Fully Restore Borders with NATO Backing
Europe Signals Stronger Support for Taiwan at Major Taipei Defence Show
Germany Weighs Excluding France from Key European Fighter Jet Programme
Cyberattack Disrupts Check-in and Boarding Systems at Major European Airports
Björn Borg Breaks Silence: Memoir Reveals Addiction, Shame and Cancer Battle
When Extremism Hijacks Idealism: How the Baader-Meinhof Gang Emerged and Fell
JWST Data Brings TRAPPIST-1e Closer to Earth-Like Habitability
Trump Orders $100,000 Fee on H-1B Visas and Launches ‘Gold Card’ Immigration Pathway
France’s Looming Budget Crisis and Political Fracture Raise Fears of Becoming Europe’s “Sick Man”
Three Russian MiG-31 Jets Breach Estonian Airspace in ‘Unprecedentedly Brazen’ NATO Incident
European manufacturers against ban on polluting cars: "The industry may collapse"
Turkish car manufacturer Togg Enters German Market with 5-Star Electric Sedan and SUV to Challenge European EV Brands
Christian Brueckner Released from German Prison after Serving Unrelated Sentence
World’s Longest Direct Flight China Eastern to Launch 29-Hour Shanghai–Buenos Aires Direct Flight via Auckland in December
New OpenAI Study Finds Majority of ChatGPT Use Is Personal, Not Professional
The conservative right spreads westward: a huge achievement for 'Alternative for Germany' in local elections
Pope Leo Warns of Societal Crisis Over Mega-CEO Pay, Citing Tesla’s Proposed Trillion-Dollar Package
Poland Green-Lights NATO Deployment in Response to Major Russian Drone Incursion
U.S. and China Agree on Framework to Shift TikTok to American Ownership
Le Pen Tightens the Pressure on Macron as France Edges Toward Political Breakdown
Czech Republic signs €1.34 billion contract for Leopard 2A8 main battle tanks with delivery from 2028
Penske Media Sues Google Over “AI Overviews,” Claiming It Uses Journalism Without Consent and Destroys Traffic
Indian Student Engineers Propose “Project REBIRTH” to Protect Aircraft from Crashes Using AI, Airbags and Smart Materials
One in Three Europeans Now Uses TikTok, According to the Chinese Tech Giant
Could AI Nursing Robots Help Healthcare Staffing Shortages?
NATO Deploys ‘Eastern Sentry’ After Russian Drones Violate Polish Airspace
The New Life of Novak Djokovic
German police raid AfD lawmaker’s offices in inquiry over Chinese payments
Volkswagen launches aggressive strategy to fend off Chinese challenge in Europe’s EV market
France Erupts in Mass ‘Block Everything’ Protests on New PM’s First Day
×