FTC: Patch Log4j Now or Risk Major Fines

January 5, 2022

The Federal Trade Commission (FTC) has urged US corporations to patch the recently discovered Log4Shell vulnerability or risk facing punitive action from the agency.

The consumer protection agency explained that the original CVE-2021-44228 bug, found in the Java logging utility late last year, is being widely exploited in the wild and poses “an extreme risk to thousands and thousands of customer items,” including enterprise software and web applications.

“When vulnerabilities are learned and exploited, it hazards a decline or breach of individual details, fiscal loss and other irreversible harms,” it continued.

“The obligation to choose affordable techniques to mitigate acknowledged software program vulnerabilities implicates laws like, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act. It is critical that businesses and their suppliers relying on Log4j act now, in order to lower the likelihood of hurt to buyers, and to keep away from FTC lawful motion.”

The FTC highlighted the case of Equifax, one of the big three credit agencies, which failed to patch a known Apache Struts flaw back in 2017, leading to the compromise of sensitive information on 147 million consumers. The company subsequently agreed to pay $700m to settle with the agency and specific states.

“The FTC intends to use its whole legal authority to go after organizations that fail to take reasonable steps to secure purchaser knowledge from exposure as a result of Log4j, or comparable recognised vulnerabilities in the future,” it said.

While Log4Shell was the first and most dangerous bug found in Log4j recently, it was followed by several more disclosures, including CVE-2021-45046, a denial of service (DoS) vulnerability subsequently found to enable information leakage and remote code execution in some environments.

This was followed in late December by DoS bug CVE-2021-45105 and arbitrary code execution flaw CVE-2021-44832.

Microsoft warned on Monday that “exploitation tries and tests have remained significant in the course of the previous months of December,” with commodity attackers and nation-state actors alike looking to cash in.

“At this juncture, shoppers must presume broad availability of exploit code and scanning abilities to be a true and existing danger to their environments,” it added.

“Due to the many computer software and providers that are impacted and given the tempo of updates, this is envisioned to have a long tail for remediation, requiring ongoing, sustainable vigilance.”


Some sections of this write-up are sourced from:
www.infosecurity-journal.com
