<!--DEBUG:--><!--DEBUG:dc3-united-states-software-in-english-pdf-2--><!--DEBUG:--><!--DEBUG:dc3-united-states-software-in-english-pdf-2--><!--DEBUG-spv-->{"id":2056632,"date":"2021-12-14T15:21:00","date_gmt":"2021-12-14T13:21:00","guid":{"rendered":"http:\/\/nhub.news\/?p=2056632"},"modified":"2021-12-14T18:03:08","modified_gmt":"2021-12-14T16:03:08","slug":"log4j-could-be-the-most-serious-security-threat-ever-seen-cisa-head-warns","status":"publish","type":"post","link":"http:\/\/nhub.news\/fr\/2021\/12\/log4j-could-be-the-most-serious-security-threat-ever-seen-cisa-head-warns\/","title":{"rendered":"Log4j could be the most serious security threat ever seen, CISA head warns"},"content":{"rendered":"<p style=\"text-align: justify;\"><b>US government agencies are expecting Log4j vulnerability to be widely exploited.<\/b><br \/>\nJen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned the recently-revealed Log4j vulnerability was \u201cone of the most serious\u201d she\u2019s seen in her entire career, \u201cif not the most serious\u201d. \u201cWe expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage,\u201d Easterly explained. Adding to the conversation was Jay Gazlay, of CISA\u2019s vulnerability office, who said that \u201chundreds of millions of\u201d endpoints were likely to be affected by the flaw. CISA is part of the US Department of Homeland Security, and is currently building a website for all affected parties to educate themselve, but also to \u201ccounter active disinformation\u201d. To ensure organizations are safe from this flaw, a \u201csustained effort\u201d will be needed, Gazlay added: \u201cThere\u2019s no single action that fixes this issue,\u201d he added, before saying that this is not a problem that\u2019s going to disappear in a fortnight. Besides patching up as soon as possible, companies should make sure all hands are on deck over the holidays. Earlier this month, a new zero-day vulnerability in the popular Java logging framework Log4j was discovered with huge destructive potential. It\u2019s tracked as CVE-2021-44228, and allows malicious actors to run virtually any code. The skills required to take advantage of the flaw are very low, experts have warned, urging everyone to patch Apache\u2019s Log4j as fast as they can. The flaw is being compared to the 2017 issue which led to the Equifax hack, leading to the personal data of almost 150 million people being exposed. Organizations using Log4j in their software should upgrade it to the latest 2.15 version immediately which is available from Maven Central. So far, experts have discovered multiple use cases for the vulnerability: to install malware, cryptominers, to add the devices to the Mirai and Muhstik botnets, to drop Cobalt Strike beacons, to scan for information disclosure, or for lateral movement throughout the affected network. It\u2019s yet to be used in a supply chain attack, though. You might also want to check out our list of the best firewalls today Via: Cyberscoop<\/p>\n<script>jQuery(function(){jQuery(\".vc_icon_element-icon\").css(\"top\", \"0px\");});<\/script><script>jQuery(function(){jQuery(\"#td_post_ranks\").css(\"height\", \"10px\");});<\/script><script>jQuery(function(){jQuery(\".td-post-content\").find(\"p\").find(\"img\").hide();});<\/script>","protected":false},"excerpt":{"rendered":"<p>US government agencies are expecting Log4j vulnerability to be widely exploited. Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned the recently-revealed Log4j vulnerability was \u201cone of the most serious\u201d she\u2019s seen in her entire career, \u201cif not the most serious\u201d. \u201cWe expect the vulnerability to be widely exploited [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2056631,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[93],"tags":[],"_links":{"self":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts\/2056632"}],"collection":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/comments?post=2056632"}],"version-history":[{"count":1,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts\/2056632\/revisions"}],"predecessor-version":[{"id":2056633,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts\/2056632\/revisions\/2056633"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/media\/2056631"}],"wp:attachment":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/media?parent=2056632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/categories?post=2056632"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/tags?post=2056632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}