News
Log4j Vulnerably To Wreak Havoc On The Internet For Years To Come
Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them.
As if one pandemic wasn’t enough, there’s now also a cyber-pandemic whose scale is increasing at an exponential rate. The cause of this digital pandemic is a zero-day vulnerability in Java-based logging utility called Log4j. This open-source software allows software developers to log data within their applications, and it has been widely used since its release in 2001.
The vulnerability was disclosed on December 9 by the Alibaba Cloud Security Team, which named it Log4Shell (CVE-2021-44228). Two days later, cybersecurity company Tenable described it as “the single biggest, most critical vulnerability of the last decade”.
Since then, the vulnerability has affected many major tech players, including Amazon Web Services, Adobe, Broadcom, Cisco, Docker, F-Secure, IBM, Juniper Networks, Oracle, Red Hat, Siemens, SolarWinds, Sophos, Ubiquiti, Zoho, and others.
“It’s ubiquitous” said Chris Eng, chief research officer at cybersecurity firm Veracode, in an interview for CNN Business. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open-source libraries you use depends on Log4j”.
In addition to affecting large swaths of the global IT infrastructure, the Log4Shell vulnerability is also extremely severe because it involves arbitrary code execution. In other words, it makes it possible for attackers to make the vulnerable system do anything they want.
That’s why the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), and Germany’s Bundesamt für Sicherheit in der Informationstechnik (BSI) have all called on organizations to take on immediate action and install the available fixes, which were released three days before the vulnerability was published.
Also Read: How To Enable WhatsApp Disappearing Messages For All Chats
Still, attackers have already successfully exploited the vulnerability to steal sensitive data, extract system credentials, install backdoors, and run crypto miners. Some of the largest botnets in the world are now scanning for the vulnerability, and almost half of all corporate networks have already been probed.
Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them. Until that happens, cybercriminals will be on a hunt as well, ready to exploit them.
News
Samsung Smart Glasses Teased For January, Software Reveal Imminent
According to Korean sources, the new wearable will launch alongside the Galaxy S25, with the accompanying software platform unveiled this December.
Samsung appears poised to introduce its highly anticipated smart glasses in January 2025, alongside the launch of the Galaxy S25. According to sources in Korea, the company will first reveal the accompanying software platform later this month.
As per a report from Yonhap News, Samsung’s unveiling strategy for the smart glasses echoes its approach with the Galaxy Ring earlier this year. The January showcase won’t constitute a full product launch but will likely feature teaser visuals at the Galaxy S25 event. A more detailed rollout could follow in subsequent months.
Just in: Samsung is set to unveil a prototype of its augmented reality (AR) glasses, currently in development, during the Galaxy S25 Unpacked event early next year, likely in the form of videos or images.
Additionally, prior to revealing the prototype, Samsung plans to introduce…
— Jukanlosreve (@Jukanlosreve) December 3, 2024
The Galaxy Ring, for example, debuted in January via a short presentation during Samsung’s Unpacked event. The full product unveiling came later at MWC in February, and the final release followed in July. Samsung seems to be adopting a similar phased approach with its smart glasses, which are expected to hit the market in the third quarter of 2025.
A Collaborative Software Effort
Samsung’s partnership with Google has played a key role in developing the smart glasses’ software. This collaboration was first announced in February 2023, with the device set to run on an Android-based platform. In July, the companies reiterated their plans to deliver an extended reality (XR) platform by the end of the year. The software specifics for the XR device are expected to be unveiled before the end of December.
Reports suggest that the smart glasses will resemble Ray-Ban Meta smart glasses in functionality. They won’t include a display but will weigh approximately 50 grams, emphasizing a lightweight, user-friendly design.
Feature Set And Compatibility
The glasses are rumored to integrate Google’s Gemini technology, alongside features like gesture recognition and potential payment capabilities. Samsung aims to create a seamless user experience by integrating the glasses with its broader Galaxy ecosystem, starting with the Galaxy S25, slated for release on January 22.