

The pervasiveness of the logging software has allowed the bug to have a ripple effect across tightly connected digital supply chains, cybersecurity experts say, leaving some companies rushing to take stock of their vendors’ tools and security measures. “If you exploit this kind of vulnerability, you could really harm companies and also ruin the reputation of the vendor,” Mr.

The vulnerability poses the latest threat to the supply chains that help the digital economy run, already under scrutiny from companies and governments since Russian hackers allegedly breached U.S. agencies through a compromised SolarWinds Corp.

Officials in recent days called on suppliers affected by the Log4j vulnerability to update their software and contact customers. It could take many tech vendors a week or two to patch software affected by the vulnerability, Mr. “But let’s look at the calendar, what’s happening in two weeks? Christmas,” he said. “It’s quite likely we won’t see any concerted patching efforts till the new year.” Developers sometimes build software atop existing tools without fully understanding the underlying code, he said, potentially obscuring flaws such as the Log4j vulnerability.

The Log4j framework is used in at least 250,000 open-source software projects cataloged by Fortress Information Security, which analyzes suppliers to critical-infrastructure businesses including power companies and defense contractors, said
