A bug in the technical framework used in many applications and cloud services could leave various software vulnerable to hackers.
Hackers are actively scanning to detect systems that have this weakness so that they can take control of vulnerable systems remotely, according to warnings published on the Dutch and British National Cyber Security Centres (NCSC) websites.
The bug was detected in 'Log4j 2', an open-source Java logging library developed by the Apache Foundation which is widely used by developers to keep a record of activity within an application. This includes custom applications developed within an organisation, as well as numerous cloud services.
Some hackers have already developed tools to automatically target the weakness of the bug, as well as "worms" that can spread independently from one vulnerable system to another under the right conditions, according to a report from Wired.
Updates to reduce the vulnerabilityThe companies affected by the bug so far include Twitter, Apple and Amazon; the leak has also been found in the software for Tesla's electric cars. The Dutch NCSC has placed a list online on Github detailing applications that are vulnerable. But it but stressed that this list is "far from complete" and that it will grow in the coming days as more details are found.
- Mediamarkt cyber attack: hackers demand $50 million in Bitcoin
- Belgian companies suffer more ransomware attacks, but spend least on security
- Almost half of Belgian companies victims of cybercrime