A critical vulnerability in a widely used software tool — one quickly exploited in the online game Minecraft — is rapidly emerging as a major threat to organizations around the world.
“The Internet’s on fire right now,” said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike.
“People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.” He said on Friday that in the 12 hours since the bug’s existence was disclosed, it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it.
The flaw may be the worst computer vulnerability discovered in years.
It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.
“I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.
Amit Yoran, CEO of the cybersecurity firm Tenable, called it “the single biggest, most critical vulnerability of the last decade” — and possibly the biggest in the history of modern computing.
The vulnerability, dubbed ‘Log4Shell,’ was rated 10 on a scale of one to 10 by the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software.
Experts said the extreme ease with which the vulnerability lets an attacker access a web server — no password required — is what makes it so dangerous.
New Zealand’s computer emergency response team was among the first to report that the flaw was being “actively exploited in the wild” just hours after it was publicly reported on Thursday and a patch released.
The vulnerability, located in open-source Apache software used to run websites and other web services, was reported to the foundation on Nov. 24 by the Chinese tech giant Alibaba, it said. It took two weeks to develop and release a fix.
But patching systems around the world could be a complicated task. While most organizations and cloud providers such as Amazon should be able to update their web servers easily, the same Apache software is also often embedded in third-party programs, which often can only be updated by their owners.
Mr Yoran, of Tenable, said organizations need to presume they’ve been compromised and act quickly.
The first obvious signs of the flaw’s exploitation appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft. Mr Meyers and security expert Marcus Hutchins said Minecraft users were already using it to execute programs on the computers of other users by pasting a short message in a chat box.
Microsoft said it had issued a software update for Minecraft users.
“Customers who apply the fix are protected,” it said.
Researchers reported finding evidence the vulnerability could be exploited in servers run by companies such as Apple, Amazon, Twitter and Cloudflare.
Mr Sullivan of Cloudflare said there was no indication his company’s servers had been compromised.