New dangerous software bug spreading through Minecraft
Dangerous bug in widely used software, which users immediately began to use in the online game Minecraft, is rapidly becoming a major threat to systems.
Experts say this software bug is perhaps the biggest threat to computers discovered in recent years.
Dangerous bug in widely used software, which users immediately began to use in the online game Minecraft, is rapidly becoming a major threat to systems, individuals, and organizations around the world
"It simply came to our notice then. While some are trying to make things right, all sorts of people are trying to take advantage of the situation," said Adam Meyers, senior vice president of intelligence at cybersecurity company Crowdstrike.
On Friday morning, 12 hours after the discovery of the existence of a very dangerous defect, malicious people developed and distributed tools to exploit this bug in computer space, says Mayers.
Experts say this bug is perhaps the biggest threat to computers discovered in recent years. Easy access to internal networks
The bug was discovered in a program that is present in "cloud" servers and business software used in industry and US administration.
If it is not removed, it allows various criminals, spies, but also beginners in programming easy access to internal networks, where they can steal valuable data, plant so-called malware, delete key information and more.
"I can hardly imagine a company that is not in danger," said Joe Sullivan, Cloudflare's chief security officer, whose network infrastructure protects websites from malicious intrusions.
This bug has crept into countless millions of servers, and experts say that the consequences of that will not be known for days. The biggest and most critical software bug
Amit Yoran, CEO of cybersecurity company Tenable, called the thing "the biggest, most critical software" bug "of the last decade" and probably the biggest in the history of modern computing.
That threat, dubbed ‘Log4Shell’, was rated 10 on a scale of one to 10 by the Apache Software Foundation, which oversees software development. Anyone with the necessary tools can gain full access to an unprotected computer using the software.
Experts say the extreme ease with which the bug allows an attacker to access a web server without the need for a password is what makes it so dangerous.
The New Zealand Computer Emergency Team was among the first to report that the bug was "actively exploited in the computer space" just hours after reports were released Thursday and a solution was discovered.
But repairing systems around the world could be a complicated task. While most cloud-based organizations and service servers, such as Amazon, should be able to easily update their web servers, the same Apache software is widely embedded in third-party programs, which can often only be updated by their owners. The system crashes over Minecraft
Yoran says those organizations must assume they are threatened and act quickly.
The first obvious signs of exploiting the bug appeared in Minecraft, an online game very popular among children, which is owned by Microsoft.
Meyers and security expert Marcus Hutchins said some Minecraft users use the bug to crash systems on other users' computers by 'pasting' a short message into a chatbox.
Microsoft has announced that it has issued a software update recommendation for Minecraft users. "Customers who apply the solution are protected," the statement said.
Computer researchers reported finding evidence that the bug could be used on servers run by companies such as Apple, Amazon, Twitter and Cloudflare.
Cloudflare's Joe Sullivan said there were no indications that his company's servers were compromised. Apple, Amazon and Twitter have not yet commented.