Security experts around the world raced Friday, Dec. 10, 2021, to patch one of the worst computer vulnerabilities discovered in years, a critical flaw in open-source code widely used across industry and government in cloud services and enterprise software. Cybersecurity experts say users of the online game Minecraft have already exploited it to breach other users by pasting a short message into a chat box. (AP Photo/Damian Dovarganes, File)

BOSTON: A critical vulnerability in a widely used software tool - one quickly exploited in the online game Minecraft - is rapidly emerging as a major threat to organizations around the world.

"The internet's on fire right now," said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike. "People are scrambling to patch," he said, "and all kinds of people scrambling to exploit it." He said Friday morning that in the 12 hours since the bug's existence was disclosed, it had been "fully weaponized," meaning malefactors had developed and distributed tools to exploit it.

The flaw may be the worst computer vulnerability discovered in years. It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.

"I'd be hard-pressed to think of a company that's not at risk," said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.

Amit Yoran, CEO of the cybersecurity firm Tenable, called it "the single biggest, most critical vulnerability of the last decade" - and possibly the biggest in the history of modern computing.

The vulnerability, dubbed 'Log4Shell,' was rated 10 on a scale of one to 10 by the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software.

Experts said the extreme ease with which the vulnerability lets an attacker access a web server - no password required - is what makes it so dangerous.

New Zealand's computer emergency response team was among the first to report that the flaw was being "actively exploited in the wild" just hours after it was publicly reported Thursday and a patch released.

The vulnerability, located in open-source Apache software used to run websites and other web services, was reported to the foundation on Nov. 24 by the Chinese tech giant Alibaba, it said. It took two weeks to develop and release a fix.

But patching systems around the world could be a complicated task. While most organizations and cloud providers such as Amazon should be able to update their web servers easily, the same Apache software is also often embedded in third-party programs, which often can only be updated by their owners.

Yoran, of Tenable, said organizations need to presume they've been compromised and act quickly.

The first obvious signs of the flaw's exploitation appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft. Meyers and security expert Marcus Hutchins said Minecraft users were already using it to execute programs on the computers of other users by pasting a short message in a chat box.

Microsoft said it had issued a software update for Minecraft users. "Customers who apply the fix are protected," it said.

Researchers reported finding evidence the vulnerability could be exploited in servers run by companies such as Apple, Amazon, Twitter and Cloudflare.

Cloudflare's Sullivan said there was no indication his company's servers had been compromised. Apple, Amazon and Twitter did not immediately respond to requests for comment.

'The internet's on fire' as techs race to fix software flaw. AP. Published 2021-12-11 07:38:21; last updated 2021-12-11 07:41:04.
