Budapest Post

Cum Deo pro Patria et Libertate
Budapest, Europe and world news

Log4j software flaw 'endemic,' new cyber safety panel says

Log4j software flaw 'endemic,' new cyber safety panel says

A computer vulnerability discovered last year in a ubiquitous piece of software is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity panel created by President Joe Biden.
The Cyber Safety Review Board said in a report Thursday that while there hasn’t been sign of any major cyberattack due to the Log4j flaw, it will still “be exploited for years to come.”

“Log4j is one of the most serious software vulnerabilities in history,” the board’s chairman, Department of Homeland Security Under Secretary Rob Silvers, told reporters Wednesday.

The Log4j flaw, made public late last year, lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. The first obvious signs of the flaw’s exploitation appeared in Minecraft, a hugely popular online game owned by Microsoft.

The flaw’s discovery prompted urgent warnings by government officials and massive efforts by cybersecurity professionals to patch vulnerable systems.

The board said Thursday that “somewhat surprisingly” the exploitation of the Log4j bug had occurred at lower levels than experts predicted. The board also said that it was unaware of any “significant” Log4j attacks on critical infrastructure systems but noted that some cyberattacks go unreported.

The board said future attacks are likely in large part because Log4j is routinely embedded with other software and can be hard for organizations to find running in their systems.

“This event is not over,” Silvers said.

Log4j, written in the Java programming language, logs user activity on computers. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely popular with commercial software developers.

A security researcher at the Chinese tech giant Alibaba notified the foundation on Nov. 24. It took two weeks to develop and release a fix. Chinese media reported that the government punished Alibaba for not reporting the flaw earlier to state officials.

The board said Thursday it found “troubling elements” with the Chinese government’s policy toward vulnerability disclosures, saying it could give Chinese state hackers an early look at computer flaws they could use for nefarious means like stealing trade secrets or spying on dissidents. The Chinese government has long denied wrongdoing in cyberspace and told the board that it encourages improved information sharing on software vulnerabilities.

The board offered a number of recommendations on mitigating the fallout of the Log4j flaw as well as improving cybersecurity generally. That includes the suggestion that universities and community colleges make cybersecurity training a required part of computer science degree and certification programs.

The Cyber Safety Review Board is modeled after the National Transportation Safety Board, which reviews plane crashes and other major accidents, and was mandated by an executive order Biden signed last May. The 15-member board is made up of FBI, National Security Agency and other government officials as well as people from the private sector. Some supporters of the new board criticized DHS for taking so long to get it up and running.

Biden’s executive order directed the board to conduct its first review on the massive Russian cyber espionage campaign known as SolarWinds. Russian hackers were able to breach several federal agencies, including accounts belonging to top cybersecurity officials at DHS, though the full fallout from that campaign is still unclear.

Silvers said DHS and the White House agreed that reviewing the Log4j flaw was a better use of the new board’s expertise and time.
AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.
Newsletter

Related Articles

0:00
0:00
Close
Satirical Sketch Sparks Political Spouse Feud in South Korea
Indonesia Quarry Collapse Leaves Multiple Dead and Missing
South Korean Election Video Pulled Amid Misogyny Outcry
Asian Economies Shift Away from US Dollar Amid Trade Tensions
Netflix Investigates Allegations of On-Set Mistreatment in K-Drama Production
US Defence Chief Reaffirms Strong Ties with Singapore Amid Regional Tensions
Vietnam Faces Strategic Dilemma Over China's Mekong River Projects
Malaysia's First AI Preacher Sparks Debate on Islamic Principles
Meta and Anduril Collaborate on AI-Driven Military Augmented Reality Systems
Russia's Fossil Fuel Revenues Approach €900 Billion Since Ukraine Invasion
Alcohol Industry Faces Increased Scrutiny Amid Health Concerns
U.S. Goods Imports Plunge Nearly 20% Amid Tariff Disruptions
Italy Faces Population Decline Amid Youth Emigration
Trump Accuses China of Violating Trade Agreement
OpenAI Faces Competition from Cheaper AI Rivals
Foreign Tax Provision in U.S. Budget Bill Alarms Investors
Russia Accuses Serbia of Supplying Arms to Ukraine
Gerry Adams Wins Libel Case Against BBC
EU Central Bank Pushes to Replace US Dollar with Euro as World’s Main Currency
U.S. Health Secretary Ends Select COVID-19 Vaccine Recommendations
Trump Warns Putin Is 'Playing with Fire' Amid Escalating Ukraine Conflict
India and Pakistan Engage Trump-Linked Lobbyists to Influence U.S. Policy
U.S. Halts New Student Visa Interviews Amid Enhanced Security Measures
Trump Administration Cancels $100 Million in Federal Contracts with Harvard
SpaceX Starship Test Flight Ends in Failure, Mars Mission Timeline Uncertain
King Charles Affirms Canadian Sovereignty Amid U.S. Statehood Pressure
EU Majority Demands Hungary Reverse Anti-LGBTQ+ Laws
Top Hotel Picks for 2025 Stays in Budapest Revealed
Iron Maiden Unveils 2025 Tour Setlist in Budapest
Chinese Film Week Opens in Budapest to Promote Cultural Exchange
Budapest Airport Launches Direct Flights to Shymkent
Von der Leyen Denies Urging EU Officials to Skip Budapest Pride
Alcaraz and Sinner Advance with Convincing Wins at Roland Garros
EU Ministers Lack Consensus on Sanctioning Hungary Over Rule of Law
EU Nations Urge Action Against Hungary's Pride Parade Ban
Putin's Helicopter Reportedly Targeted by Ukrainian Drones
U.S. Considers Withdrawing Troops from Europe
Russia Deploys Motorbike Squads in Ukraine Conflict
Critics Accuse European Court of Human Rights of Overreach
Spain Proposes 100% Tax on Non-EU Holiday Home Purchases
German Intelligence Labels AfD as Far-Right Extremist
Geert Wilders Threatens Dutch Coalition Over Migration Policy
Hungary Faces Multiple Challenges Amid EU Tensions and Political Shifts
Denmark Increases Retirement Age to 70, Setting a European Precedent
Any trade deal with US must be based on respect not threats', says EU commissioner
UK Leads in Remote Work Adoption, Averaging 1.8 Days a Week
Thirteen Killed in Russian Attacks Across Ukraine
High-Profile Incidents and Political Developments Dominate Global News
Netanyahu Accuses Western Leaders of 'Emboldening Hamas'
Ukraine and Russia Conduct Largest Prisoner Exchange of the War
×