As if one pandemic wasn’t enough, there’s now also a cyber-pandemic whose scale is increasing at an exponential rate. The cause of this digital pandemic is a zero-day vulnerability in Java-based logging utility called Log4j. This open-source software allows software developers to log data within their applications, and it has been widely used since its release in 2001.
The vulnerability was disclosed on December 9 by the Alibaba Cloud Security Team, which named it Log4Shell (CVE-2021-44228). Two days later, cybersecurity company Tenable described it as “the single biggest, most critical vulnerability of the last decade”.
Since then, the vulnerability has affected many major tech players, including Amazon Web Services, Adobe, Broadcom, Cisco, Docker, F-Secure, IBM, Juniper Networks, Oracle, Red Hat, Siemens, SolarWinds, Sophos, Ubiquiti, Zoho, and others.
“It’s ubiquitous” said Chris Eng, chief research officer at cybersecurity firm Veracode, in an interview for CNN Business. Even if you’re a developer who doesn’t use Log4j directly, you might still be running the vulnerable code because one of the open-source libraries you use depends on Log4j”.
In addition to affecting large swaths of the global IT infrastructure, the Log4Shell vulnerability is also extremely severe because it involves arbitrary code execution. In other words, it makes it possible for attackers to make the vulnerable system do anything they want.
That’s why the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), and Germany’s Bundesamt für Sicherheit in der Informationstechnik (BSI) have all called on organizations to take on immediate action and install the available fixes, which were released three days before the vulnerability was published.
Still, attackers have already successfully exploited the vulnerability to steal sensitive data, extract system credentials, install backdoors, and run crypto miners. Some of the largest botnets in the world are now scanning for the vulnerability, and almost half of all corporate networks have already been probed.
Because of how widespread Log4j is, experts estimate that it may take years to hunt down all vulnerable instances and patch them. Until that happens, cybercriminals will be on a hunt as well, ready to exploit them.
Spotify Is Experimenting With Artist NFT Collections
According to a recent survey, it seems that the currently tested NFT collections are just the first step toward a much broader implementation of NFTs into the platform.
NFT sales may have declined by 92 percent since September 2021, but that’s not stopping Spotify from experimenting with a new feature that lets artists display their non-fungible token (NFT) collections on the music streaming platform.
At the moment, only a small group of artists are taking part in the experiment, including Steve Aoki and The Wombats. What’s more, only select US users of the Spotify app for Android can see NFTs when they visit the profile pages of the aforementioned artists.
“Spotify is running a test in which it will help a small group of artists promote their existing third-party NFT offerings via their artist profiles,” said Spotify spokesperson. “We routinely conduct a number of tests in an effort to improve artist and fan experiences.”
It’s important to point out that not all Spotify experiments result in new features. It all depends on the feedback the music streaming platform receives from users.
According to a survey some Spotify users have recently received, it seems that the currently tested NFT collections are just the first step toward a much broader implementation of NFTs into the platform. More specifically, Spotify seems to be thinking about allowing its users to directly purchase NFT art to support their favorite artists.
Considering how polarizing NFTs have been since their inception in 2014, it shouldn’t come as a surprise that many Spotify users have immediately expressed their dissatisfaction with the idea of NFTs becoming part of the Spotify music listening experience.
Other large tech companies are also experimenting with NFTs. Instagram, for example, started testing NFT integration last week, allowing NFT creators and collectors to display their tokens on the platform. Mark Zuckerberg himself believes that NFTs and digital collectibles in general will play an integral role in the metaverse, the new iteration of the internet.