Cybersecurity officials at major technology companies are making efforts to fix a “serious” flaw in a widely used Internet program.
According to the Wall Street Journal, cybersecurity experts warn that this vulnerability “could allow a new round of cyberattacks.”
This vulnerability, hidden in a “mysterious part” of the server software, called Log4j, was identified and led to in-depth investigations into companies including Amazon, Twitter and Cisco.
“We are monitoring this issue, and we are working to address it,” Amazon, the world’s largest cloud computing company, said in a security warning.
The US Cybersecurity and Infrastructure Security Agency issued an alert about the vulnerability, urging companies to take action.
“To be clear, this loophole poses a significant risk. We will only minimize the potential impacts, by intensifying cooperation between government and the private sector,” said agency director Jane Easterly.
Companies that produce software containing the Log4j vulnerability, including IBM, Red Hat, Oracle and VMware, announced that they would update the software.
Aaron Portnoy, chief scientist at security firm Randori, explained that given the ease of exploiting the vulnerability, and the difficulty of preventing attacks, hackers may use Log4j to break into corporate networks for years to come.
The vulnerability allows hackers to convert log files that track what users do on computer servers, into malicious instructions that force the device to download unauthorized software.
The newspaper quoted researchers as saying that hackers “began to exploit the loophole”, on Friday, to gain access to the servers that run the game “Minecraft”, affiliated with Microsoft. In a note published Friday, the company advised Minecraft users to update the game.
The researchers added that the vulnerability was also found in the servers of “Apple”, and in the systems of other companies, including “Twitter” and “LinkedIn”, also owned by “Microsoft”.