As if one pandemic wasn’t enough, there’s now also a cyber-pandemic whose scale is increasing at an exponential rate. The cause of this digital pandemic is a zero-day vulnerability in Java-based logging utility called Log4j. This open-source software allows software developers to log data within their applications, and it has been widely used since its release in 2001.
The vulnerability was disclosed on December 9 by the Alibaba Cloud Security Team, which named it Log4Shell (CVE-2021-44228). Two days later, cybersecurity company Tenable described it as “the single biggest, most critical vulnerability of the last decade”.
Since then, the vulnerability has affected many major tech players, including Amazon Web Services, Adobe, Broadcom, Cisco, Docker, F-Secure, IBM, Juniper Networks, Oracle, Red Hat, Siemens, SolarWinds, Sophos, Ubiquiti, Zoho, and others.
“It’s ubiquitous” said Chris Eng, chief research officer at cybersecurity firm Veracode, in an interview for CNN Business. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open-source libraries you use depends on Log4j”.
In addition to affecting large swaths of the global IT infrastructure, the Log4Shell vulnerability is also extremely severe because it involves arbitrary code execution. In other words, it makes it possible for attackers to make the vulnerable system do anything they want.
That’s why the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), and Germany’s Bundesamt für Sicherheit in der Informationstechnik (BSI) have all called on organizations to take on immediate action and install the available fixes, which were released three days before the vulnerability was published.
Still, attackers have already successfully exploited the vulnerability to steal sensitive data, extract system credentials, install backdoors, and run crypto miners. Some of the largest botnets in the world are now scanning for the vulnerability, and almost half of all corporate networks have already been probed.
Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them. Until that happens, cybercriminals will be on a hunt as well, ready to exploit them.
LEAP 2024 Will Shine A Light On Female Innovators In Technology
Women comprise nearly a third of the event’s speaker lineup alongside a dedicated program of high-level content, investment, and mentorship.
LEAP 2024, a premier global technology event, will highlight the achievements of women in the technology sector as it returns for its third edition at the Riyadh Exhibition and Convention Centre in Malham district from March 4 to 7.
Hosted by Tahaluf, a strategic collaboration between Informa PLC, the Events Investment Fund (EIF), and the Saudi Federation for Cybersecurity, Programming, and Drones (SAFCSP), LEAP 2024 will feature a dedicated program titled “Women in Tech”. The program will offer enriching content, investment opportunities, networking sessions, mentorship programs, and a special startup award.
The initiative aims to inspire women to actively participate in the technology industry, aligning with broader diversity efforts. Reflecting the Kingdom’s commitment to equality, the focus on “Women in Tech” coincides with the increasing female participation at LEAP events.
Annabelle Mander, Senior Vice President of Tahaluf, emphasized the event’s commitment to gender inclusivity, stating, “Female representation is across all of LEAP’s features and reflects the event’s mission of driving economic diversification and providing market access to international business. Within Tahaluf itself, half of our team members are women, and women make up half of our SMT, too”.
The “Women in Tech” program will feature distinguished speakers including Nadine Hachach Haram, CEO and Founder of Proximie, and Sahar Albanarna from IMPACTIQUE Bahrain, who explained: “Over 26 million women worldwide with professional experience and degrees are not in the global workplace. This demographic includes a huge pool of untapped talent which technology can help unleash to fuel the co-creation of exponential solutions across multiple sectors. To help women access productive employment, we urge industry leaders to support high-impact female entrepreneurs as a means to boost their economies and accelerate the UN’s sustainable development goals by promoting inclusive and sustainable economic growth”.
The event will also provide a platform for female-led startups and entrepreneurs to pitch for funding and support through various initiatives such as the Women’s Investor Forum, Entrepreneur Mentorship Scheme, and the Aviatrix Award at the Rocket Fuel pitch competition, offering a prize fund of US$150,000.