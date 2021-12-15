LAS VEGAS (FOX5) -- Cyber experts describe the latest cyberthreat as one of the biggest they’ve every seen.
“The Department of Homeland Security actually calls this Log4j vulnerability the worst vulnerability basically in our history because it’s so widely used. And the vulnerability is the highest severity of any kind of vulnerability,” said Tego Cyber Inc. CEO Shannon Wilkinson.
Wilkinson, who runs the Las Vegas-based company, said the vulnerable piece of software called Log4j is a component for Apache framework, which a lot of companies use to log or collect data or to check their software or servers.
There are several reports of hackers or other threat actors already trying to attack businesses with ransomware or malware.
“There’s been proof of concept, or PoC code, that has been released … So a threat actor has shared information, this is how you take advantage of this vulnerability. So, it makes it very easy for organizations that haven’t patched yet to be taken advantage of,” said Wilkinson.
Wilkinson said she doesn’t see a huge threat with someone’s personal computer but does see a risk with someone’s personal information on other computers.
"Healthcare organizations, credit monitoring, financial institutions, those kinds of organizations, those are the ones that can be breached through this vulnerability. And then your data may be compromised. So that's one of the reasons why all these organizations are rushing to patch to make sure a situation like that doesn't occur again," said Wilkinson.
Wilkinson said businesses should scan their systems for the bug and fix it quickly if they discover it. She said individuals may want to monitor and even lock their credit, especially those who are not in the process of obtaining a loan.
She said a person would get alerts and people would not be able to access someone else’s accounts if their identity is compromised.
Officials with the popular Minecraft game identified Log4j and put out information about it. Wilkinson said the company did put a patch on right away and doesn’t think there would be a threat to anyone playing the game.
But officials are issuing information, specifically to those with their own servers, to make the game secure.
Player safety is the top priority for us. Unfortunately, earlier today we identified a security vulnerability in Minecraft: Java Edition.The issue is patched, but please follow these steps to secure your game client and/or servers. Please RT to amplify.https://t.co/4Ji8nsvpHf— Minecraft (@Minecraft) December 10, 2021
