Connect with us

Hi, what are you looking for?

News

U.S. cybersecurity officials see mainly low-impact attacks from logging flaw, so far

SAN FRANCISCO – The U.S. agency charged with defending the country against hacking said on Tuesday the majority of attacks it has seen using a recently disclosed flaw in widely used open-source software were minor, with many of them seeking to hijack computing power to mine cryptocurrency.

Officials at the Cybersecurity and Infrastructure Security Agency said they had not confirmed reports by multiple security companies of ransomware installations or attempts by other governments to steal secrets.

“We are not seeing widespread, highly sophisticated intrusion campaigns,” Eric Goldstein, executive assistant director for cybersecurity at CISA, said in a call with reporters.

But he warned the threat would continue to evolve and the agency was still working to assemble reliable information on what types of software were subject to the attacks.

He said it was possible widespread consumer devices such as routers were vulnerable and his unit within the Department of Homeland Security was working with vendors to have them deploy fixes where needed.

The flaw was found in a common logging tool, known as Log4j, and it is carried forward by at least hundreds of other programs that rely on the tool. Goldstein said the flaw is easy to exploit.

Although a patch in the tool has been available since Dec. 6, many of those other programs also have to implement the patch to ensure an attacker cannot get deep network access.

Under recently granted powers, CISA has directed all federal agencies to install patches as they become available.

Goldstein said there have been no reports of intrusions using the vulnerability in the government, but CISA expects “all manner of adversaries” to seek to exploit the flaw.

The logging function allows users to submit live code referring to an outside repository, which the program will then seek out and install. Hackers can use that to take control of the servers, which may have access to other machines with more valuable data or network powers.

Though the flaw has existed in the free Log4j program for years, it was recently discovered by a researcher at Chinese tech company Alibaba and reported to the group of volunteers who maintain the program. Open discussion within the Chinese security company was detected and some exploitation of the flaw began before the Apache Software Foundation could issue the patch.

Goldstein said it was “concerning” any time a flaw is exploited before a patch is out. Under recent Chinese regulations, some security professionals must report their findings to the government quickly, often before patches are ready.- REUTERS

Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!

Latest

Editor’s Pick

UK pubs missed out on a staggering £155 million summer World Cup boost, new analysis has revealed. The hospitality sector was already among the...

Editor’s Pick

Cornish second home owners are set to pay double in council tax after a proposal which would see the local authority granted powers to...

News

LOCAL STOCKS are expected to move sideways on Friday on tepid market activity as investors wait for the release of November US inflation data...

Editor’s Pick

The UK will build its first new coalmine for three decades at Whitehaven in Cumbria, despite objections locally, across the UK and from around...

News

SPEAKER Martin G. Romualdez during the opening of the 19th Congress at the House of Representatives in Quezon City on July 25. — PHILIPPINE...

News

PHILSTAR FILE PHOTO/ RELEASE JBROS CONSTRUCTION CORP. By Luisa Maria Jacinta C. Jocson, Reporter LOCAL government units (LGUs) face an uphill task in staffing...

You May Also Like

News

BW FILE PHOTO GROSS BORROWINGS by the National Government reached P2.6 trillion as of end-September as it continued to raise funds to respond to...

News

REUTERS By Luz Wendy T. Noble, Reporter The country’s foreign exchange buffers slightly increased as of end-October as the value of the central bank’s...

News

KARASOLAR.COM TENA, Ecuador — Ecuador’s rainforest Achuar people say their ancestors long dreamed of a “fire canoe” or “electric fish” that would let them...

News

COVID-19 has had a significant impact on the mental health of Filipinos across different groups all over the archipelago. From frontline workers, parents balancing...

Disclaimer: Respect Investment.com, its managers, its employees, and assigns (collectively "The Company") do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2022 Respect Investment. All Rights Reserved.