![\"<p>Security](\"\/\/www.iser-br.com\/Themes\/Release\/images\/responsive\/ettelecom-default.jpg\")
\"The internet<\/a>'s on fire right now,\" said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike<\/a>. \"People are scrambling to patch,\" he said, \"and all kinds of people scrambling to exploit it.\" He said Friday morning that in the 12 hours since the bug's existence was disclosed that it had been \"fully weaponized,\" meaning malefactors had developed and distributed tools to exploit it.
The flaw may be the worst computer vulnerability discovered in years. It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.
\"I'd be hard-pressed to think of a company that's not at risk,\" said Joe Sullivan, chief security officer for Cloudflare<\/a>, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.
Amit Yoran, CEO of the cybersecurity firm Tenable, called it \"the single biggest, most critical vulnerability of the last decade\" - and possibly the biggest in the history of modern computing.
The vulnerability, dubbed 'Log4Shell,' was rated 10 on a scale of one to 10 the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software.
Experts said the extreme ease with which the vulnerability lets an attacker access a web server - no password required - is what makes it so dangerous.
New Zealand's computer emergency response team was among the first to report that the flaw was being \"actively exploited in the wild\" just hours after it was publicly reported Thursday and a patch released.
The vulnerability, located in open-source Apache software used to run websites and other web services, was reported to the foundation on Nov. 24 by the Chinese tech giant Alibaba, it said. It took two weeks to develop and release a fix.
But patching systems around the world could be a complicated task. While most organizations and cloud providers such as Amazon should be able to update their web servers easily, the same Apache software is also often embedded in third-party programs, which often can only be updated by their owners.
Yoran, of Tenable, said organizations need to presume they've been compromised and act quickly.
The first obvious signs of the flaw's exploitation appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft<\/a>. Meyers and security expert Marcus Hutchins said Minecraft users were already using it to execute programs on the computers of other users by pasting a short message in a chat box.
Microsoft said it had issued a software update for Minecraft users. \"Customers who apply the fix are protected,\" it said.
Researchers reported finding evidence the vulnerability could be exploited in servers run by companies such as Apple, Amazon, Twitter and Cloudflare.
Cloudflare's Sullivan said there we no indication his company's servers had been compromised. Apple, Amazon and Twitter did not immediately respond to requests for comment.
<\/body>","next_sibling":[{"msid":88217308,"title":"Apple shuts US store after staff members get Covid positive: Report","entity_type":"ARTICLE","link":"\/news\/apple-shuts-us-store-after-staff-members-get-covid-positive-report\/88217308","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"msid":88217332,"entity_type":"ARTICLE","title":"'The internet's on fire' as techs race to fix software flaw","synopsis":"The vulnerability, dubbed 'Log4Shell,' was rated 10 on a scale of one to 10 the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software.","titleseo":"telecomnews\/the-internets-on-fire-as-techs-race-to-fix-software-flaw","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":872,"shares":0,"engagementtimems":2899000},"Alttitle":{"minfo":""},"artag":"AP","artdate":"2021-12-11 07:38:21","lastupd":"2021-12-11 07:41:04","breadcrumbTags":["Internet","International","software vulnerability","tech news","sybersecurity","cybersecurity news","crowdstrike","microsoft","cloudflare","minecraft"],"secinfo":{"seolocation":"telecomnews\/the-internets-on-fire-as-techs-race-to-fix-software-flaw"}}" data-authors="[" "]" data-category-name="" data-category_id="" data-date="2021-12-11" data-index="article_1">
- Telecom乐动扑克News
- 3分钟阅读
“互联网的着火”科技竞赛修复软件缺陷
漏洞,被称为“Log4Shell”,被评为10规模的1到10 Apache软件基金会,负责开发的软件。任何人利用可以获得完全访问一个应用补丁的计算机使用软件。
读到
“互联网说现在的着火,“亚当•迈耶斯智能网络安全公司的高级副总裁Crowdstrike。“人们正忙于补丁,”他说,“和各种各样的人争相利用它。”He said Friday morning that in the 12 hours since the bug's existence was disclosed that it had been "fully weaponized," meaning malefactors had developed and distributed tools to exploit it.
缺陷可能最糟糕的电脑漏洞发现了。发现在一个开源的日志记录工具,它无处不在在云服务器和企业软件跨产业和政府使用。除非它是固定的,它授予罪犯,间谍和编程新手一样方便地访问内部网络,在那里他们可以掠夺有价值的数据,植物的恶意软件,删除关键信息等等。
“我很难想到一个公司的风险,”乔·沙利文说,首席安全官Cloudflare基础设施保护网站的恶意行为。无数服务器安装和专家说,后果不知道好几天了。
我认为,网络安全公司的CEO站得住脚的,称之为“最大、最关键的脆弱性过去十年”,可能是历史上最大的现代计算。
漏洞,被称为“Log4Shell”,被评为10规模的1到10 Apache软件基金会,负责开发的软件。任何人利用可以获得完全访问一个应用补丁的计算机使用软件。
专家表示极度宽松的漏洞允许攻击者访问web服务器,不需要密码,是什么让它如此危险。
新西兰计算机紧急响应小组是第一批报告,缺陷是“积极利用在野外”几个小时后公开报道周四发布的补丁。
脆弱,位于开源Apache软件用于运行网站和其他web服务,据报道,基金会在11月24日由中国科技巨头阿里巴巴。花了两周的时间来开发和发布一个修复。
但全世界修补系统可能是一项复杂的任务。虽然大多数组织和亚马逊等云提供商应该能够轻松地更新他们的web服务器,同样的Apache软件也常常嵌入第三方程序,通常只能被主人更新。
站不住脚的,伦说,组织需要假定他们已经妥协,迅速行动。
第一个明显缺陷的开发出现在Minecraft,在线游戏广受欢迎的孩子和拥有的微软。迈耶斯和安全专家马库斯哈钦斯说"我用户已经使用它在其他用户的计算机上执行程序粘贴一个短消息聊天框。
微软表示,它已经为Minecraft用户发布了一个软件更新。“客户应用修复保护,”它说。
研究人员发现证据漏洞可以利用服务器由公司如苹果,亚马逊,Twitter和Cloudflare。
Cloudflare沙利文表示,没有迹象表明我们公司的服务器已被攻破。苹果、亚马逊和Twitter没有立即回复记者的置评请求。
评论
现在评论 阅读评论(1)所有评论
找到这个评论进攻?
下面选择你的理由并单击submit按钮。这将提醒我们的版主采取行动