National body warns organizations of serious cybersecurity threat



[ad_1]

The National Cyber ​​Security Center (NCSC) warns organizations of a new vulnerability in Java code, which poses a “serious risk to the security and integrity of data.”

A vulnerability has been identified in Apache Log4j (CVE-2021-44228).

It is an open source Java logging library used by many applications and web services.

The vulnerability allows a remote unauthenticated attacker to execute an arbitrary code with privileges of the web server.

The NCSC has stated that it is likely that malicious actors will start using this vulnerability to attack web servers shortly.

This issue only affects organizations that operate web server infrastructure, and not people who browse the web at home on laptops or personal devices.

Apache has released a patch to fix the vulnerability, and administrators should complete their patch process to update to log4j-2.15.0-rc2.

All organizations should urgently assess their web servers for exposure to this risk, including services administered and provided by third parties, according to the NCSC.

The center added that there is no evidence that this vulnerability has been successfully exploited in the state so far, and they have no indication of any services or data affected.

However, they said the risk of a possible compromise would persist until the systems were updated.

Attempts to exploit the vulnerability can be detected.

Log files for all services using affected log4j versions will contain user-controlled strings; for example, “Jndi: ldap”.

The NCSC has published a detailed notice on ncsc.gov.ie.

Further details will be posted on the NCSC website as they emerge over the next few days.

Anyone who has been a victim of cybercrime should report the problem to An Garda Síochána.

This threat comes just days after the publication of a critical cybersecurity report from the HSE.

The PwC report, released on Friday, said the health service’s IT system was “fragile” and “scattered.”

There was a “known low level of cybersecurity maturity” within the HSE and the connected national health network, and this weakness had “persisted,” according to the report.

A multi-year IT and cybersecurity investment program was recommended.

[ad_2]

Previous Fund my adult son while he returns to college
Next Assembly first: Minister's Question Time should be signed in English and Irish