S’pore firms warned to quickly fix Log4j software security hole that world experts call worst in years, Tech News News & Top Stories

SINGAPORE – Organisations should take swift action to patch a “critical vulnerability” in a widely used software that could allow hackers to take full control of computer systems, the Cyber Security Agency of Singapore (CSA) said on Tuesday (Dec 14).

This is because “we only have a short window” to put in place measures to limit any abuse of the flaw, warned the agency.

The flaw, which affects a wide range of applications from social media and gaming to online shopping and banking, is likely to affect hundreds of millions of devices, the United States’ national cyber-security agency said on Monday, adding that it could be one of the worst in years.

The affected Apache Log4j is a free, open source software that is popularly used to log and keep track of activities and changes in software applications, including system errors and messages from users.

Public and private sector organisations are expected to be affected.

Cyber-security experts warned that the flaw can be easily exploited by adding just a line of code. This could allow cyber crooks to, among other things, abuse the vulnerability to steal and delete data, hijack a company’s e-mail system to send phishing messages to other firms, and make fraudulent bank transfers.

Among the services and sites known to be vulnerable at some point include Apple’s iCloud online back-up service, Valve’s Steam online game store and Microsoft’s Minecraft online game. Other firms reportedly at risk include Amazon, Baidu, Google, Tencent and Twitter.

While CSA has not received any reports of breaches related to the vulnerability for now, it is closely monitoring the situation.

CSA’s urgent call to action follows from an initial alert it sent out last Friday.

It also comes after US Cybersecurity and Infrastructure Security Agency (Cisa) director Jen Easterly said the flaw, also called Log4Shell or LogJam, “is one of the most serious I’ve seen in my entire career, if not the most serious”, reported cyber-security news site CyberScoop.

Last Saturday, Germany’s cyber-security watchdog the BSI issued the highest red alert warning on the security hole, saying it posed an “extremely critical threat” to Web servers.

Apple and several companies…