This security flaw could impact the entire internet. Here’s what you should know

/in


A critical flaw in widely used software has cybersecurity experts raising alarms and big companies racing to fix the issue.The vulnerability, which was reported late last week, is in Java-based software known as “Log4j” that large organizations use to configure their applications — and it poses potential risks for much of the internet.Related video above: Parents are concerned about their child’s safety on the internetApple’s cloud computing service, security firm Cloudflare, and one of the world’s most popular video games, Minecraft, are among the many services that run Log4j, according to security researchers.Jen Easterly, head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), called it “one of the most serious flaws” seen in her career. In a statement on Saturday, Easterly said “a growing set” of hackers are actively attempting to exploit the vulnerability.As of Tuesday, more than 100 hacking attempts were occurring per minute, according to data this week from cybersecurity firm Check Point. “It will take years to address this while attackers will be looking… on a daily basis ,” said David Kennedy, CEO of cybersecurity firm TrustedSec. “This is a ticking time bomb for companies.”Here’s what you should know:What is Log4j and why does it matter?Log4j is one of the most popular logging libraries used online, according to cybersecurity experts. Log4j gives software developers a way to build a record of activity to be used for a variety of purposes, such as troubleshooting, auditing and data tracking. Because it is both open-source and free, the library essentially touches every part of the internet. “It’s ubiquitous. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open source libraries you use depends on Log4j,” Chris Eng, chief research officer at cybersecurity firm Veracode, told CNN Business. “This is the nature of software: It turtles all the way down.”Companies such as Apple, IBM, Oracle, Cisco, Google and Amazon, all run the software. It could present in popular apps and websites, and hundreds of millions of devices around the world that…

Source…