computer vulnerability 2021

December 16, 2021
computer vulnerability 2021

What we have here is an extremely widespread, easy to exploit and potentially highly damaging vulnerability that certainly could be utilized by adversaries to cause real harm.

Cybersecurity division executive assistant director Eric Goldstein, Cybersecurity and Infrastructure Security Agency (CISA), on what some call “the worst computer vulnerabilities they’ve ever seen.”
  • Here's how The Associated Press described this vulnerability: "… called Log4j, the flaw lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics."
  • Government officials briefed state and local officials about the vulnerability this week.
  • Based on available reporting, hackers have already exploited this vulnerability, which doesn't require passwords for entry.
  • Microsoft reports state-backed hackers (from China and Iran) are among those who have used this loophole.

Why It Matters: Knowing whether a network used software that contains this code is not easy. Discovering and "patching" it could take weeks, and questions remain about whether hackers have already infiltrated – or are currently infiltrating – systems connected to critical infrastructure or even personal devices.

A good read by The Associated Press

The Log4j security flaw could impact the entire internet. Here's what you should know

by Jenna Lee,