January 25, 2022

SHSU Houstonian Online

Read all latest news headlines from USA, UK and around the world, get today's breaking news and live updates on politics, elections, business, sports, economy,​ …

Thousands of companies are vulnerable to a serious security breach

Thousands of companies are vulnerable to a serious security breach

According to the NCSC, the program is “very widely used by organizations large and small in the Netherlands and abroad”. All of these organizations are at risk of being hacked due to this vulnerability.

Updates are now available to resolve the issue. NCSC calls to companies To make these updates as quickly as possible.

The leak showed that Minecraft can be hacked, among other things. The leak could have been found at other companies, including Twitter, Amazon and Apple, and in Tesla electric cars.

widely used

It is not yet clear how big the problem is and which companies might be affected. The National Civil Service Center reports that the vulnerability is already “widely” used in practice.

Moreover, any criminal hacker connected to the Internet can exploit the vulnerability relatively easily. Given the high interest in the leak, the National Center for Food Security expects that “methods of abuse will be further developed in the coming period.”

What is Log4j?

Log4j is software used to keep so-called “logs” of web servers. A lot of information is stored in such a log, such as error messages. This allows administrators to detect problems or suspicious behavior.

This week it emerged that there is a major security vulnerability in Log4j. If somehow a piece of Java code ends up in a register, that code is executed by the web server.

Such a piece of code can contain malware that a hacker can, for example, gain access to the entire server or spread malware.

Minecraft hack using username

There are several ways in which malicious code can enter the registry. In the popular game Minecraft, for example, usernames registered in the vulnerable Log4j were found. Anyone who sets such a token as a username can easily hack the server.

See also  The HDMI 2.1a standard may support tone mapping | hardware

As long as companies do not update their software, they remain vulnerable. That’s why major digital service providers Google and Cloudflare have quickly taken preventive measures.

These companies form a kind of “channel” between users and websites. By taking measures already in this channel, many attacks can be prevented.