Log4j Software Flaw 'Endemic,' U.S. Cyber Safety Panel Claims

A computer vulnerability identified last year in a common piece of software is an "endemic" flaw that could pose security problems for at least a decade, according to a new cybersecurity panel created by United States President Joe Biden, Alan Suderman of the Associated Press (AP) recently reported.

Photo Insert: The Log4j vulnerability, which was made public late last year, allows internet-based attackers to easily grab control of industrial control systems, web servers, and consumer devices.

The Cyber Safety Review Board (CSRB) stated in a study published on Thursday that while there has been no indication of a large cyberattack owing to the Log4j bug, it "will be exploited for years."

The chairman of the board, Department of Homeland Security Undersecretary Rob Silvers, told reporters on Wednesday that “Log4j is one of the most serious software vulnerabilities in history.”

The Log4j vulnerability, which was made public late last year, allows internet-based attackers to easily grab control of industrial control systems, web servers, and consumer devices.

Minecraft, a massively popular online game owned by Microsoft, was where the flaw's exploitation initially manifested itself. The discovery of the weakness sparked urgent warnings from government officials and enormous efforts to patch susceptible systems by cybersecurity professionals.

The board stated on Thursday that, somewhat unexpectedly, the Log4j flaw had been exploited to a lesser extent than anticipated by experts. The board also stated that it was unaware of any "significant" Log4j attacks on systems of vital infrastructure, but added that not all cyberattacks are reported.

Future attacks are inevitable, according to the board, in large part because Log4j is commonly embedded with other software and can be difficult for enterprises to detect in their systems. "This event is not over," stated Silvers.

WEEKLY FEATURE : MVP Group Keeps Lights On During Pandemic