Connect with us

Hi, what are you looking for?

News

Companies rush to fix software exploit after US warning

Major global companies are facing pressure to fix what experts are calling one of the most serious software flaws in recent memory.

The flaw in the Log4j software could allow hackers unfettered access to computer systems and has prompted an urgent warning by the U.S. government’s cybersecurity agency.

Microsoft Corp. and Cisco Inc. have published advisories about the flaw, and software developers released a fix late last week. But a solution depends on thousands of companies putting the fix in place before it is exploited.

“This is probably the worst security vulnerability in at least the last 10 years — maybe longer,” said Charles Carmakal, the chief technology officer for cybersecurity firm Mandiant Inc. He said Mandiant received requests from several major companies in the last few days for help.

Alibaba Group’s cloud-security team recently discovered the flaw, according to the nonprofit Apache Software Foundation, which maintains Log4j.

The vulnerability effectively allows hackers to take control of a system. Because the faulty computer code is baked into software of all sorts, updating it is a painstaking process.

“To be clear, this vulnerability poses a severe risk,” Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, said in a statement Friday. Vendors “must immediately identify, mitigate, and patch the wide array of products using this software,” she said.

VMWare Inc., which makes computer-virtualization software, said Thursday that several of its products were likely affected by the Java-based Log4j.

Amit Yoran, the CEO of Tenable Inc., which makes widely used vulnerability-scanning software, said the Log4j flaw is so ubiquitous that, among customers running Tenable’s scanning products, at least three systems a second are reporting they’re affected.

“We are taking urgent action to drive mitigation of this vulnerability and detect any associated threat activity,” Easterly said, adding that CISA has cataloged the vulnerability — requiring U.S. federal civilian agencies to fix it promptly. As of Saturday, the agency hasn’t identified compromises in federal systems. — Bloomberg

Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!

Latest

News

Linesmen fix electric posts in Tondo, Manila. — PHILIPPINE STAR/ RUSSELL PALMA PRESIDENT Ferdinand R. Marcos, Jr. is hoping the Court of Appeals (CA)...

News

Finance Secretary Benjamin E. Diokno answers questions from the media during a press briefing at the New Executive Building, Malacañan Palace, July 6. —...

News

SUBSIDIES extended to government-owned and -controlled corporations (GOCCs) surged to P39.981 billion in October, the Bureau of the Treasury (BTr) said. Budgetary support to...

News

Manila rose six spots to 55th place out of 75 ranked centers in the sixth edition of the Smart Centers Index (SCI) by Long...

News

By Arjay L. Balinbin, Senior Reporter METRO Pacific Tollways Corp. (MPTC) said its unit NLEX Corp. expects to award the Candaba Third Viaduct project,...

News

1 of 3 ARMANI’s diffusion line, Armani Exchange, is trading in its old store look for a new one. During a short introduction to...

You May Also Like

News

BW FILE PHOTO GROSS BORROWINGS by the National Government reached P2.6 trillion as of end-September as it continued to raise funds to respond to...

News

KARASOLAR.COM TENA, Ecuador — Ecuador’s rainforest Achuar people say their ancestors long dreamed of a “fire canoe” or “electric fish” that would let them...

News

REUTERS By Luz Wendy T. Noble, Reporter The country’s foreign exchange buffers slightly increased as of end-October as the value of the central bank’s...

News

COVID-19 has had a significant impact on the mental health of Filipinos across different groups all over the archipelago. From frontline workers, parents balancing...

Disclaimer: Respect Investment.com, its managers, its employees, and assigns (collectively "The Company") do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2022 Respect Investment. All Rights Reserved.