The critical vulnerability is buried among endless open-source code, and many cyber experts are stumped.
To help frazzled IT professionals understand whether they needed to do anything, CISA provided a five-step process, with three substeps, two verification methods, and a 12-part flow chart diagram with multiple routes and three outcomes . As of early January, federal agencies had
The statement shifted the calculus of risk and liability for businesses. Threatened with legal action, they feel compelled to act. The challenge, though, is finding out whether they’re affected. Others disagree. “Part of the chaos is that all of these big supply chain issues can cause a disjointed effort at remediation,” says Katie Moussouris, founder and CEO of Luta Security, a cybersecurity consultancy. “So I do think the FTC’s pressure is important.”
Such issues are likely to disproportionately affect small and medium businesses, he says—and make it nigh-on impossible to fix easily.has found that around 30 percent of the consumption of Log4j is from potentially vulnerable versions of the tool. “Some companies haven’t got the message, don’t have the materials, and don’t even know where to start,” says Fox. Sonatype is one of the companies that provide a scanning tool to identify the issue, if it exists.
The problem emerges when companies don’t know they use Log4j, because it’s used in a small section of a brought-in application or tool they have no oversight over, and don’t know how to start looking for it. “It’s a bit like understanding what iron ore went into the steel that found its way into the piston in your car,” Glass says. “As a consumer, you have no chance of figuring that out.”
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
'It was frankly dumb': Ted Cruz apologizes for calling Jan. 6 riot a 'violent terrorist attack'It's not often that Ted Cruz finds himself having to mend fences with the right.
Read more »
'It was frankly dumb': Ted Cruz apologizes for calling Jan. 6 riot a 'violent terrorist attack'Tucker Carlson on Fox News assailed Ted Cruz for calling the Jan. 6 Capitol riot 'a violent terrorist attack.'
Read more »
Selena Gomez Thanks Rare Beauty Team With Full-Page Ad in ‘New York Times’“If you’re wondering why you’re seeing this letter in the ‘New York Times,’ it’s because I wanted to give your accomplishments the platform they deserve,” …
Read more »
Latest Alaska Quarterly Review showcases outstanding prose and poetry that speaks to our timeReview: AQR seeks the best, most innovative and imaginative writing from anywhere, and it’s always a pleasure to find Alaskans in the mix.
Read more »
When to Worry About a Nosebleed, According to an ENTIf you find that your nosebleeds are happening very frequently or you're losing more than a cupful of blood, it's time to see a physician.
Read more »