Government officials said the flaw is already being “widely exploited” by malicious actors, meaning there’s a good chance anyone reading this is at risk. Here’s what you need to know.
A newly discovered security flaw in widely used computer code has put users, devices and software all over the world at “severe risk” of being exploited, according to the U.S. government.
The problem is what experts are calling a “vulnerability,” or, in other words, a kind of programming door that would let hackers into a computer system. According to a statement from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the vulnerability is part of the “log4j software library” and is already “being widely exploited by a growing set of threat actors.” The statement goes on to describe the problem as “urgent.”
“To be clear, this vulnerability poses a severe risk,” the statement adds.
The software that includes the security flaw is widespread, meaning there’s a good chance anyone reading this is at risk. So here’s what you need to know:
What is Log4j?
Log4j is a piece of software that records what a device is doing. Andrew Morris, founder and CEO of cyber-intelligence firm GreyNoise, told NPR that the software is like “a modular component that’s used in many, many different kinds of software.” In other words, it’s computer code that programmers all over the world include in their software, and it has ended up in a vast number of places.
Morris also reportedly said that the flaw is “really not that complicated,” meaning it’s fairly easy for hackers to exploit. According to CNET, hackers can use the flaw to take over servers, preventing their true owners from using them.
Hackers have used the flaw to mine for cryptocurrency on other people’s devices and steal data, among other things, Wired reported.
Who is at risk?
The short answer here is basically everyone.
Computer security firm Rumble has compiled a list of…