There's no reason not to take the obvious route: Log4Shell remains a top vulnerability exploited by Chinese hackers, says the U.S.

Entry gate to the Forbidden City in Beijing (Image: Dyroc/CC-BY-2.0)

A roundup by the FBI, National Security Agency and Cybersecurity and Infrastructure Security Agency of the 20 most actively exploited vulnerabilities favored by Beijing's coterie of state-sponsored threat actors over the past two years puts CVE-2021-44228 - better known as Log4Shell - smack at the top.

Chinese state-sponsored hacking continues to be "one of the largest and most dynamic threats to U.S. government and civilian networks," the agencies collectively warn.

China has a decadeslong history of state-sponsored hacking for commercial gain and national security purposes. The United States, joined by the European Union, the United Kingdom and NATO, in 2021 denounced China for a "pattern of irresponsible behavior in cyberspace." More recently, FBI Director Christopher Wray and Ken McCallum, director general of the U.K.'s MI5, jointly warned business and academic leaders about Chinese intellectual property theft.

Log4Shell burst into view late last year as a high-impact flaw in open-source Java utility Log4j maintained by the Apache Software Foundation and often deployed as a software library in other applications, including other Apache applications and VMware products. Researchers from the Alibaba Cloud Security Team in late 2021 discovered a flaw allowing attackers to inject malicious messages through the Lightweight Directory Access Protocol.

The Cyber Safety Review Board, a federally run committee, earlier this year characterized Log4Shell as an "endemic vulnerability" likely to cause problems for up to a decade and possibly even longer (see: Log4j Flaw Is 'Endemic,' Says Cyber Safety Review Board).

Brian Fox, CTO of software supply chain management firm Sonatype, tells Information Security Media Group that seeing Log4j listed as a key vulnerability comes as no surprise: Log4j is widespread and Log4Shell is relatively easy to exploit.