The Cyber Security News

FTC threatens legal action against companies failing to patch Log4Shell

January 5, 2022

The Federal Trade Commission (FTC) has issued a warning saying it will pursue legal action against any US company found to have put consumer data at risk by not appropriately mitigating Log4Shell.

The FTC said in its warning that Log4Shell poses a severe risk to hundreds of thousands of consumer products and business applications, adding that there is a significant risk of data loss in a data breach made possible by the vulnerability, tracked as CVE-2021-44228.

“The duty to choose reasonable ways to mitigate acknowledged program vulnerabilities implicates rules like, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act,” explained the FTC. “It is critical that companies and their vendors relying on Log4j act now, in order to cut down the likelihood of damage to customers, and to stay away from FTC legal action.”

Equifax’s notorious data breach was referenced by the FTC in its warning to all US companies, noting that it failed to patch a known vulnerability, lost data belonging to 147 million individuals, and paid $700 million (£517 million) to settle the actions by the FTC and Consumer Financial Protection Bureau.

“The FTC intends to use its complete legal authority to pursue firms that fail to consider realistic steps to safeguard consumer data from exposure as a result of Log4j, or very similar known vulnerabilities in the future,” it said.

The FTC encouraged companies to follow guidance issued by the US Cybersecurity and Infrastructure Security Agency:

  • Update your Log4j software package to the most current version found below
  • Consult CISA guidance to mitigate this vulnerability.
  • Ensure remedial steps are taken so that your company’s practices do not violate the law. Failure to identify and patch instances of this software may violate the FTC Act.
  • Distribute this information to any relevant third-party subsidiaries that sell products or services to consumers who may be vulnerable.

Log4Shell is the exploitable vulnerability in the widely used log4j library, discovered in December, and is still under active exploitation by cyber attackers. The volume of ongoing attack attempts has prompted great concern from the cyber security community about how impactful a successful attack could be.

Microsoft updated its website on Log4Shell earlier this week, echoing the concerns of the wider industry about the scale of attacks leveraging the vulnerability in log4j. The company said the vulnerability presents a “complex and higher-risk predicament for companies throughout the globe”.

The security flaw is so common in applications and services that it is difficult to understand how vulnerable any given environment actually is. Microsoft advised customers to run scripts and scanning tools to assess their exposure.

“Exploitation attempts and testing have remained high through the last weeks of December,” said Microsoft. “We have observed several present attackers incorporating exploits of these vulnerabilities in their current malware kits and techniques, from coin miners to hands-on-keyboard attacks. Organisations may not realise their environments could already be compromised.

“Microsoft recommends customers do additional review of products where vulnerable installations are discovered,” it added. “At this juncture, customers need to assume wide availability of exploit code and scanning capabilities to be a real and existing hazard to their environments. Owing to the many software and services that are impacted and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance.”


Some parts of this article are sourced from:
www.itpro.co.uk
