Beautiful Virgin Islands

Wednesday, Oct 08, 2025

Log4j software flaw 'endemic,' new cyber safety panel says

Log4j software flaw 'endemic,' new cyber safety panel says

A computer vulnerability discovered last year in a ubiquitous piece of software is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity panel created by President Joe Biden.
The Cyber Safety Review Board said in a report Thursday that while there hasn’t been sign of any major cyberattack due to the Log4j flaw, it will still “be exploited for years to come.”

“Log4j is one of the most serious software vulnerabilities in history,” the board’s chairman, Department of Homeland Security Under Secretary Rob Silvers, told reporters Wednesday.

The Log4j flaw, made public late last year, lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. The first obvious signs of the flaw’s exploitation appeared in Minecraft, a hugely popular online game owned by Microsoft.

The flaw’s discovery prompted urgent warnings by government officials and massive efforts by cybersecurity professionals to patch vulnerable systems.

The board said Thursday that “somewhat surprisingly” the exploitation of the Log4j bug had occurred at lower levels than experts predicted. The board also said that it was unaware of any “significant” Log4j attacks on critical infrastructure systems but noted that some cyberattacks go unreported.

The board said future attacks are likely in large part because Log4j is routinely embedded with other software and can be hard for organizations to find running in their systems.

“This event is not over,” Silvers said.

Log4j, written in the Java programming language, logs user activity on computers. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely popular with commercial software developers.

A security researcher at the Chinese tech giant Alibaba notified the foundation on Nov. 24. It took two weeks to develop and release a fix. Chinese media reported that the government punished Alibaba for not reporting the flaw earlier to state officials.

The board said Thursday it found “troubling elements” with the Chinese government’s policy toward vulnerability disclosures, saying it could give Chinese state hackers an early look at computer flaws they could use for nefarious means like stealing trade secrets or spying on dissidents. The Chinese government has long denied wrongdoing in cyberspace and told the board that it encourages improved information sharing on software vulnerabilities.

The board offered a number of recommendations on mitigating the fallout of the Log4j flaw as well as improving cybersecurity generally. That includes the suggestion that universities and community colleges make cybersecurity training a required part of computer science degree and certification programs.

The Cyber Safety Review Board is modeled after the National Transportation Safety Board, which reviews plane crashes and other major accidents, and was mandated by an executive order Biden signed last May. The 15-member board is made up of FBI, National Security Agency and other government officials as well as people from the private sector. Some supporters of the new board criticized DHS for taking so long to get it up and running.

Biden’s executive order directed the board to conduct its first review on the massive Russian cyber espionage campaign known as SolarWinds. Russian hackers were able to breach several federal agencies, including accounts belonging to top cybersecurity officials at DHS, though the full fallout from that campaign is still unclear.

Silvers said DHS and the White House agreed that reviewing the Log4j flaw was a better use of the new board’s expertise and time.
Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
France: Less Than a Month After His Appointment, the New French Prime Minister Resigns
Hungarian Prime Minister Viktor Orbán stated that Hungary will not adopt the euro because the European Union is falling apart.
Sarah Mullally Becomes First Woman Appointed Archbishop of Canterbury
Mayor in western Germany in intensive care after stabbing
Australian government pays Deloitte nearly half a million dollars for a report built on fabricated quotes, fake citations, and AI-generated nonsense.
US Prosecutors Gained Legal Approval to Hack Telegram Servers
Macron Faces Intensifying Pressure to Resign or Trigger New Elections Amid France’s Political Turmoil
Standard Chartered Names Roberto Hoornweg as Sole Head of Corporate & Investment Banking
UK Asylum Housing Firm Faces Backlash Over £187 Million Profits and Poor Living Conditions
UK Police Crack Major Gang in Smuggling of up to 40,000 Stolen Phones to China
BYD’s UK Sales Soar Nearly Nine-Fold, Making Britain Its Biggest Market Outside China
Trump Proposes Farm Bailout from Tariff Revenues Amid Backlash from Other Industries
FIFA Accuses Malaysia of Forging Citizenship Documents, Suspends Seven Footballers
Latvia to Bar Tourist and Occasional Buses to Russia and Belarus Until 2026
A Dollar Coin Featuring Trump’s Portrait Expected to Be Issued Next Year
Australia Orders X to Block Murder Videos, Citing Online Safety and Public Exposure
Three Scientists Awarded Nobel Prize in Medicine for Discovery of Immune Self-Tolerance Mechanism
OpenAI and AMD Forge Landmark AI-Chip Alliance with Equity Option
Munich Airport Reopens After Second Drone Shutdown
France Names New Government Amid Political Crisis
Trump Stands Firm in Shutdown Showdown and Declares War on Drug Cartels — Turning Crisis into Opportunity
Surge of U.S. Billionaires Transforms London’s Peninsula Apartments into Ultra-Luxury Stronghold
Pro Europe and Anti-War Babiš Poised to Return to Power After Czech Parliamentary Vote
Jeff Bezos Calls AI Surge a ‘Good’ Bubble, Urges Focus on Lasting Innovation
Japan’s Ruling Party Chooses Sanae Takaichi, Clearing Path to First Female Prime Minister
Sean ‘Diddy’ Combs Sentenced to Fifty Months in Prison Following Prostitution Conviction
Taylor Swift’s ‘Showgirl’ Launch Extends Billion-Dollar Empire
Trump Administration Launches “TrumpRx” Plan to Enable Direct Drug Sales at Deep Discounts
Trump Announces Intention to Impose 100 Percent Tariff on Foreign-Made Films
Altman Says GPT-5 Already Outpaces Him, Warns AI Could Automate 40% of Work
Singapore and Hong Kong Vie to Dominate Asia’s Rising Gold Trade
Trump Organization Teams with Saudi Developer on $1 Billion Trump Plaza in Jeddah
Manhattan Sees Surge in Office-to-Housing Conversions, Highest Since 2008
Switzerland and U.S. Issue Joint Assurance Against Currency Manipulation
Electronic Arts to Be Taken Private in Historic $55 Billion Buyout
Thomas Jacob Sanford Named as Suspect in Deadly Michigan Church Shooting and Arson
Russian Research Vessel 'Yantar' Tracked Mapping Europe’s Subsea Cables, Raising Security Alarms
New York Man Arrested After On-Air Confession to 2017 Parents’ Murders
U.S. Defense Chief Orders Sudden Summit of Hundreds of Generals and Admirals
Global Cruise Industry Posts Dramatic Comeback with 34.6 Million Passengers in 2024
Trump Claims FBI Planted 274 Agents at Capitol Riot, Citing Unverified Reports
India: Internet Suspended in Bareilly Amid Communal Clashes Between Muslims and Hindus
Supreme Court Extends Freeze on Nearly $5 Billion in U.S. Foreign Aid at Trump’s Request
Archaeologists Recover Statues and Temples from 2,000-Year-Old Sunken City off Alexandria
China Deploys 2,000 Workers to Spain to Build Major EV Battery Factory, Raising European Dependence
Speed Takes Over: How Drive-Through Coffee Chains Are Rewriting U.S. Coffee Culture
U.S. Demands Brussels Scrutinize Digital Rules to Prevent Bias Against American Tech
Ringo Starr Champions Enduring Beatles Legacy While Debuting Las Vegas Art Show
Private Equity’s Fundraising Surge Triggers Concern of European Market Shake-Out
Colombian President Petro Vows to Mobilize Volunteers for Gaza and Joins List of Fighters
×