Beautiful Virgin Islands

Friday, Aug 08, 2025

Log4j software flaw 'endemic,' new cyber safety panel says

Log4j software flaw 'endemic,' new cyber safety panel says

A computer vulnerability discovered last year in a ubiquitous piece of software is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity panel created by President Joe Biden.
The Cyber Safety Review Board said in a report Thursday that while there hasn’t been sign of any major cyberattack due to the Log4j flaw, it will still “be exploited for years to come.”

“Log4j is one of the most serious software vulnerabilities in history,” the board’s chairman, Department of Homeland Security Under Secretary Rob Silvers, told reporters Wednesday.

The Log4j flaw, made public late last year, lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. The first obvious signs of the flaw’s exploitation appeared in Minecraft, a hugely popular online game owned by Microsoft.

The flaw’s discovery prompted urgent warnings by government officials and massive efforts by cybersecurity professionals to patch vulnerable systems.

The board said Thursday that “somewhat surprisingly” the exploitation of the Log4j bug had occurred at lower levels than experts predicted. The board also said that it was unaware of any “significant” Log4j attacks on critical infrastructure systems but noted that some cyberattacks go unreported.

The board said future attacks are likely in large part because Log4j is routinely embedded with other software and can be hard for organizations to find running in their systems.

“This event is not over,” Silvers said.

Log4j, written in the Java programming language, logs user activity on computers. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely popular with commercial software developers.

A security researcher at the Chinese tech giant Alibaba notified the foundation on Nov. 24. It took two weeks to develop and release a fix. Chinese media reported that the government punished Alibaba for not reporting the flaw earlier to state officials.

The board said Thursday it found “troubling elements” with the Chinese government’s policy toward vulnerability disclosures, saying it could give Chinese state hackers an early look at computer flaws they could use for nefarious means like stealing trade secrets or spying on dissidents. The Chinese government has long denied wrongdoing in cyberspace and told the board that it encourages improved information sharing on software vulnerabilities.

The board offered a number of recommendations on mitigating the fallout of the Log4j flaw as well as improving cybersecurity generally. That includes the suggestion that universities and community colleges make cybersecurity training a required part of computer science degree and certification programs.

The Cyber Safety Review Board is modeled after the National Transportation Safety Board, which reviews plane crashes and other major accidents, and was mandated by an executive order Biden signed last May. The 15-member board is made up of FBI, National Security Agency and other government officials as well as people from the private sector. Some supporters of the new board criticized DHS for taking so long to get it up and running.

Biden’s executive order directed the board to conduct its first review on the massive Russian cyber espionage campaign known as SolarWinds. Russian hackers were able to breach several federal agencies, including accounts belonging to top cybersecurity officials at DHS, though the full fallout from that campaign is still unclear.

Silvers said DHS and the White House agreed that reviewing the Log4j flaw was a better use of the new board’s expertise and time.
Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
Trump Administration Increases Reward for Arrest of Venezuelan President Maduro to Fifty Million Dollars
Armenia and Azerbaijan to Sign US-Brokered Framework Agreement for Nakhchivan Corridor
British Labour Government Utilizes Counter-Terrorism Tools for Social Media Monitoring Against Legitimate Critics
OpenAI Launches GPT‑5, Its Most Advanced AI Model Yet
Embarrassment in Britain: Homelessness Minister Evicted Tenants and Forced to Resign
President Trump nominated Stephen Miran, his top economic adviser and a critic of the Federal Reserve, to temporarily fill an open Fed seat
The AI-Powered Education Revolution: Market Potential and Transformative Impact
Chikungunya Virus Outbreak in Southern China: Over 7,000 Hospitalized
French wine makers have seen catastrophic damage to vines that were almost ready to be harvested after the worst fires in more than 70 years burned through the south of the country
US Lawmaker Probes Intel CEO’s China Ties Amid National Security Concerns
Brazilian President Lula says he’ll contact the leaders of BRICS states to propose a unified response to U.S. tariffs
Trump Open to Meeting Putin as Soon as Next Week, with Possible Trilateral Summit Including Zelenskiy
Katy Perry and Justin Trudeau spark dating rumors, joining high stakes world of celeb-politician romances
US envoy Steve Witkoff arrived in Moscow to seek a breakthrough in the Ukraine war ahead of President Trump’s peace deadline
WhatsApp Deletes 6.8 Million Scam Accounts Amid Rising Global Fraud
Nine people have been hospitalized and dozens of salmonella cases have been reported after an outbreak of infections linked to certain brands of pistachios and pistachio-containing products, according to the Public Health Agency of Canada
Karol Nawrocki Inaugurated as Poland’s President, Setting Stage for Clash with Tusk Government
Trump Signals JD Vance as ‘Most Likely’ MAGA Successor for 2028
US Charges Two Chinese Nationals for Illegal Nvidia AI Chip Exports
Texas Residents Face Water Restrictions While AI Data Centers Consume Millions of Gallons
U.S. Tariff Policy Triggers Market Volatility Amid Growing Global Trade Tensions
Tariffs, AI, and the Shifting U.S. Macro Landscape: Navigating a New Economic Regime
Representative Greene Urges H-1B Visa Cuts Amid U.S.-India Trade Tensions
U.S. House Committee Subpoenas Clintons and Senior Officials in Epstein Investigation
Sydney Sweeney Registered as Republican as Controversial American Eagle Ad Sparks Debate
Trump Accuses Major Banks of Politically Motivated Account Denials and Prepares Executive Order
TikTok Removes Huda Kattan Video Over Anti-Israel Conspiracy Claims
Trump Threatens Tariffs on India Over Russian Oil Imports
German Finance Minister Criticizes Trump’s Attacks on Institutions
U.S. Proposes Visa Bond of Up to $15,000 for Some Applicants
U.S. Farmers Increase Lobbying Amid Immigration Crackdown
Elon Musk Receives $23.7 Billion Tesla Stock Award
Texas House Paralyzed After Democrats Walk Out Over Redistricting
Mexican Cartels Complicate Sheinbaum’s U.S. Security Talks
Mark Zuckerberg Declares War on the iPhone
India Rejects U.S. Tariff Threat, Defends Russian Oil Purchases
United States Establishes Strategic Bitcoin Reserve and Digital Asset Stockpile
Thousands of Private ChatGPT Conversations Accidentally Indexed by Google
China Tightens Mineral Controls, Curtailing Critical Inputs for Western Defence Contractors
OpenAI’s Bold Bet: Teaching AI to Think, Not Just Chat
Tesla Seeks Shareholder Approval for $29 Billion Compensation Package for Elon Musk
Nvidia is cutting prices on its RTX 50-series graphics cards after sales slowed and inventories piled up
Ghislaine Maxwell Transferred to Minimum-Security Prison Amid Ongoing DOJ Discussions
U.S. Tariffs Surge to Highest Levels in Nearly a Century Under Second Trump Term
Matt Taibbi Slams Media for Role in Russiagate Narrative
Pilots Call for Mental Health Support Without Stigma
All Five Trapped Miners Found Dead After El Teniente Mine Collapse
Ong Beng Seng Pleads Guilty in Corruption Case Linked to Former Singapore Transport Minister
BP’s Largest Oil and Gas Find in 25 Years Uncovered Offshore Brazil
Italy Fines Shein One Million Euros for Misleading Sustainability Claims
×