IT security experts have struck the alarm over a software vulnerability that threatens many servers on the network.
The head of the Federal Office for Information Technology Security (BSI) Arne Schönbohm and former Interior Minister Horst Seehofer recently warned of the growing threat of cyber attacks. Last year, 144 million were detected, according to BSI new malware variants, an increase of 22 percent compared to the previous year.
Watch the video
The “love letter” sent 50 million computers to hell. Here are the most dangerous computer viruses ever [TOPtech]
–
The highest degree of danger
According to BS), the gap is widely used on many computers the software module has led to an “extremely critical threat situation”. The Office increased the existing cybersecurity warning for the Java Log4j library to the red warning level.
It is the highest category on the BSI’s four-point scale for cybersecurity alerts.
The BSI issued a red alert on Saturday, highlighting the proliferation of cybercriminals’ attacks around the world, some of them reportedly successful. BSI further states that “at the moment it is not possible to fully estimate the extent of the threat that has arisen”.
The vulnerability found is in one of the libraries of the frequently used Java programming language. Under certain circumstances, it allows hackers to break into servers and install, for example, malware on them. Some versions of these libraries known as Log4j are affected by this vulnerability. However, no one knows for sure where the endangered versions of Log4j are used.
“At the moment it is not yet known in which products this library is used, which means that it is not yet possible to estimate which are at risk” – reports the Federal Office for Information Technology Safety.
Luka has been known since Thursday
The Office recommends users to immediately install software updates as soon as it is offered by its manufacturer.
Log4j is a library for creating logs, which allows servers to run work they can behave different events in a way similar to how you keep notes in journal shipbuilding. In this way, for example, errors that have occurred in the operation of the servers can be evaluated later.
The vulnerability can be triggered just because it is in the log signs they are written in a specific order, so experts observe that it can be used relatively easily.
This issue first surfaced on Thursday, December 9 on the servers used in the internet game Minecraft. IT security experts and Java specialists are working hard to close this gap. A corresponding update has already been developed, but it will not start working until it has been installed. That is why the firewall specialist, the American company Cloudflare, offered its customers a mechanism to block attacks by hackers and other cybercriminals.
Hackers are preparing serious attacks
Experts point out that not only online systems are at risk. This vulnerability can also be used to attack QRT code scanners and remote door locks that use Java and the Log4j library.
The IT industry is currently battling against hackers looking for access to compromised servers.
“The most important thing right now is to find out how widespread the problem is,” says Rainer Trost of ICT security firm F-Secure.
– Unfortunately, not only we are currently working overtime, because hackers are also trying to exploit this vulnerability for their purposes – he adds.
Rainer Trost is concerned that “the actual hacker attacks will not start until a few weeks or months.”
The article comes from the Deutsche Welle website.
–
