News
Log4j Vulnerably To Wreak Havoc On The Internet For Years To Come
Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them.
As if one pandemic wasn’t enough, there’s now also a cyber-pandemic whose scale is increasing at an exponential rate. The cause of this digital pandemic is a zero-day vulnerability in Java-based logging utility called Log4j. This open-source software allows software developers to log data within their applications, and it has been widely used since its release in 2001.
The vulnerability was disclosed on December 9 by the Alibaba Cloud Security Team, which named it Log4Shell (CVE-2021-44228). Two days later, cybersecurity company Tenable described it as “the single biggest, most critical vulnerability of the last decade”.
Since then, the vulnerability has affected many major tech players, including Amazon Web Services, Adobe, Broadcom, Cisco, Docker, F-Secure, IBM, Juniper Networks, Oracle, Red Hat, Siemens, SolarWinds, Sophos, Ubiquiti, Zoho, and others.
“It’s ubiquitous” said Chris Eng, chief research officer at cybersecurity firm Veracode, in an interview for CNN Business. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open-source libraries you use depends on Log4j”.
In addition to affecting large swaths of the global IT infrastructure, the Log4Shell vulnerability is also extremely severe because it involves arbitrary code execution. In other words, it makes it possible for attackers to make the vulnerable system do anything they want.
That’s why the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), and Germany’s Bundesamt für Sicherheit in der Informationstechnik (BSI) have all called on organizations to take on immediate action and install the available fixes, which were released three days before the vulnerability was published.
Also Read: How To Enable WhatsApp Disappearing Messages For All Chats
Still, attackers have already successfully exploited the vulnerability to steal sensitive data, extract system credentials, install backdoors, and run crypto miners. Some of the largest botnets in the world are now scanning for the vulnerability, and almost half of all corporate networks have already been probed.
Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them. Until that happens, cybercriminals will be on a hunt as well, ready to exploit them.
News
Samsung’s Galaxy Watch 9 And Ultra 2 Specs Leak Ahead Of Unpacked
An 800mAh Ultra 2 battery and a switch from Exynos to Qualcomm silicon headline the expected changes for Samsung’s next smartwatches.
Samsung’s next smartwatches have little left to hide. A new leak reported by Android Authority has surfaced most of the remaining details about the Galaxy Watch 9 and Galaxy Watch Ultra 2, just over a week before the company’s Galaxy Unpacked event on July 22.
The biggest change is an invisible one: Samsung is expected to drop its own Exynos W1000 chip in favor of Qualcomm’s Snapdragon Wear Elite SW6100, a chipset unveiled only this year, according to the outlet.
Battery capacity looks like the other notable upgrade. Citing a report from Winfuture, Android Authority says the Watch Ultra 2 could reach 800mAh, well beyond the 590mAh cell in the current Watch Ultra. The 44mm Watch 9 reportedly gets a 445mAh cell — the same capacity as last year’s Watch 8 Classic — while the 40mm model stays at 325mAh.
The 40mm Watch 9 will reportedly feature a 438 x 438-pixel panel, with the 44mm Watch 9 and the Watch Ultra 2 sharing a larger 480 x 480-pixel screen. Samsung leaker Ice Universe has separately claimed the Ultra 2’s display could reach a peak brightness of 5,000 nits. RAM and storage vary by model, topping out at 2GB and 64GB.
Also Read: Tamper With The Recording LED & Meta’s Glasses Kill Camera
The Ultra 2 keeps its titanium case and 100-meter water resistance; the standard Watch 9 remains aluminum, rated to 5 ATM. All models are said to include Bluetooth 6.0, NFC, and dual-band WiFi, with the usual LTE variants, and ship with One UI 9 Watch running on Wear OS 7.
A separate leak puts the Galaxy Watch 9 at €409 (about $468) for the 40mm Bluetooth model, rising to €489 (about $560) for the 44mm LTE version, with the Watch Ultra 2 LTE at €749 (about $857) — figures Android Authority said were partially corroborated by Winfuture. Confirmation arrives on stage on July 22.
