Apple, Cloudflare and Minecraft face security risk



Apple, Cloudflare and Minecraft could be at risk from a “critical” security flaw, experts have warned.

The Department of Homeland Security’s top cyber chief has urged companies and governments to move quickly as hackers swoop in.

Meanwhile, all federal agencies have been ordered to update their software urgently.

Jen Easterly, head of DHS’s Cybersecurity and Infrastructure Security Agency, warned of breaches to Java-based software ‘Log4j’.

Some of the world’s biggest tech firms, including Apple, use the application, researchers say.

The vulnerability can offer a hacker a relatively easy way to access an organization’s computer server.

From there, they could find other ways to get into systems.

Experts say the fall-out could continue for weeks to come as bosses race to correct the problem.

A tool for hackers was made public on GitHub at the weekend, giving the attackers a roadmap to break into devices.


Easterly said her agency would hold a call with critical infrastructure firms across the country on Monday to brief them on the situation.

The Apache Software Foundation, which manages Log4j software, has released a security fix.

Cybersecurity researchers interviewed by CNN said it was unclear just how many devices on the internet are exposed to the vulnerability.


However, IT chiefs around the world are bracing for issues.

Kevin Beaumont, a researcher who keeps a close eye on emerging software flaws, said the issue is like “lock[ing] the doors to your car, but then allow[ing] anybody to shout commands at Siri from outside the car to remotely drive it.”

He tweeted: “Log4j is buried deep inside products and [organizations], gonna be painful to fix.”

Elsewhere, Microsoft announced on Monday that it had disrupted the cyber-spying of a state-backed Chinese hacking group.

The company seized 42 websites used to gather intelligence from foreign ministries, think tanks and human rights organizations in 29 different countries, including the US.

The company said a Virginia federal court granted its request to seize the domains from the group it calls Nickel, which is also known as APT15 and Vixen Panda.

This story originally appeared on The Sun and has been reproduced here with permission.

