A critical vulnerability in a widely used software tool — one quickly exploited in the online game Minecraft — is rapidly emerging as a major threat to organizations around the world.
“The internet’s on fire right now,” said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike. “People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.” He said Friday morning that in the 12 hours since the bug’s existence was disclosed that it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it.
The flaw may be the worst computer vulnerability discovered in years. It was uncovered in a utility that’s ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.
“I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.
Amit Yoran, CEO of the cybersecurity firm Tenable, called it “the single biggest, most critical vulnerability of the last decade” — and possibly the biggest in the history of modern computing.
Bug in iPhone, iPad may have opened door to hackers, security company says
The vulnerability, dubbed `Log4Shell,’ was rated 10 on a scale of one to 10 the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software,
Experts said the extreme ease with which the vulnerability lets an attacker access a web server — no password required — is what makes it so dangerous.
New Zealand’s computer emergency response team was among the first to report that the flaw was being “actively exploited in the wild” just hours after it was publicly reported Thursday and a patch released.
The vulnerability, located in open-source Apache software used to run websites and other web services, was reported to the foundation on Nov. 24 by the Chinese tech giant Alibaba, it said. It took two weeks to develop and release a fix.
But patching systems around the world could be a complicated task. While most organizations and cloud providers such as Amazon should be able to update their web servers easily, the same Apache software is also often embedded in third-party programs, which often can only be updated by their owners.
Yoran, of Tenable, said organizations need to presume they’ve been compromised and act quickly.
The first obvious signs of the flaw’s exploitation appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft. Meyers and security expert Marcus Hutchins said Minecraft users were already using it to execute programs on the computers of other users by pasting a short message in a chat box.
Microsoft said it had issued a software update for Minecraft users. “Customers who apply the fix are protected,” it said.
Researchers reported finding evidence the vulnerability could be exploited in servers run by companies such as Apple, Amazon, Twitter and Cloudflare.
Cloudflare’s Sullivan said there we no indication his company’s servers had been compromised. Apple, Amazon and Twitter did not immediately respond to requests for comment.
© 2021 The Canadian Press
Apple requires employees to have proof of a COVID booster as Omicron spreads, according to reports – Euronews
Apple will require retail and corporate employees to provide proof of a COVID-19 booster shot, The Verge reported on Saturday citing an internal email.
Starting January 24, unvaccinated employees or those who haven’t submitted proof of vaccination will need negative COVID-19 tests to enter Apple workplaces, the report said.
The Verge said it was not immediately clear if the testing requirement applies to both corporate and retail employees.
“Due to waning efficacy of the primary series of COVID-19 vaccines and the emergence of highly transmissible variants such as Omicron, a booster shot is now part of staying up to date with your COVID-19 vaccination to protect against severe disease,” the memo read, according to The Verge.
Apple did not immediately respond to a request from Reuters for comment.
Many companies in the US have been strengthening their COVID-19 rules, mandating vaccination and delaying back-to-office plans as the Omicron variant increases infections across the country.
This week, Facebook parent Meta Platforms mandated COVID-19 booster shots for all workers returning to offices. It also delayed U.S. office reopenings to March 28, from an earlier plan of January 31.
Alphabet Inc’s Google on Friday said it was temporarily mandating weekly COVID-19 tests for people entering its US offices.
A report by The Information said Amazon.com Inc has offered its US warehouse workers $40 (€35) to get a booster shot.
The mid-2012 MacBook Pro 13-inch will soon become obsolete – Vaughan Today
Apple will declare the mid-2012 13.3-inch MacBook Pro a “legacy” on January 31, according to an internal memo intercepted by Apple. Mac rumors. This is the last step before it becomes permanently outdated: it means that Apple will stop providing compatible parts to Apple Stores and Authorized Service Centers. It will always be possible to get a repair in the event of a breakdown, but within the limits of the available parts: this will therefore be increasingly difficult, up to the complete obsolescence that must be declared in a couple of years. You can refer to the list of old and outdated products on this page.
The mid 2012 13.3-inch MacBook Pro is the last model to feature an integrated CD/DVD drive. It was on sale until October 2016 to provide a more affordable alternative to models with Retina displays, which explains this late obsolescence. It is particularly reliable and offers interesting upgrade possibilities for people who want to replace the optical drive with a second volume. It is a standout model. Its time and about to give it up.
Links not showing up? Pictures are missing? Your ad blocker plays tricks on you.
To view all of our content, please turn off your ad blocker!
“Proud thinker. Tv fanatic. Communicator. Evil student. Food junkie. Passionate coffee geek. Award-winning alcohol advocate.”
Stable ColorOS 12 update goes live for OPPO A73, A74, F19 Pro+, and more – XDA Developers
OPPO has started seeding a stable ColorOS 12 update based on Android 12 to a bunch of its mid-range devices, including the OPPO A73, F19 Pro+, Reno 5Z, and Reno 6Z. OPPO previously said it would kick off the stable update rollout for these devices from January 17 and it’s making good on its promise.
As per recent announcements posts on OPPO Community, the stable ColorOS 12 update with Android 12 is currently rolling out to the OPPO A73, OPPO A74, OPPO Reno 5Z, Reno 6Z 5G, and Reno 5Z in various regions. The update is live for the OPPO A73 and Reno 5Z in Saudi Arabia and the UAE. Similarly, the OPPO A74 and F19 Pro+ units in India have also started receiving it. Finally, the OPPO Reno 6Z update is currently rolling out in Cambodia, Thailand, Vietnam, and the UAE.
If you own any of the above-mentioned devices, be on the lookout for an OTA notification in the coming days. Since the update is rolling out in a staged fashion, it might take several days before it makes its way to everyone. So far, the update has only gone live in select regions, but OPPO says it plans to expand the rollout to other markets soon.
After installing the ColorOS 12 update, users can look forward to many exciting features and changes, such as a new wallpaper-based theming system, Screen Translate, Canvas AOD, Android 12’s Privacy Dashboard and privacy indicators, and much more. You can learn more about ColorOS 12 in our in-depth review of the new skin.
If your phone isn’t on the list, don’t worry. OPPO plans to bring the latest version of its custom skin to many more phones. Owners of the OPPO Reno 5F, Reno 4 Pro, Reno 4F, F19 Pro, and F17 Pro will be able to try out an early version of ColorOS 12 next month. Meanwhile, the Reno 5 Lite, Reno 4, Pro, Reno 4Z, Reno 4 Lite, and more are scheduled to receive a ColorOS 12 beta sometime in March.
Twitter expands feature allowing users to flag misleading tweets
Black and Racialized Artists, Musicians and Producers Join Forces For THE FREEDOM MARCHING PROJECT
Bitcoin investors dig in for long haul in ‘staggering’ shift
Silver investment demand jumped 12% in 2019
Europe kicks off vaccination programs | All media content | DW | 27.12.2020 – Deutsche Welle
Iran anticipates renewed protests amid social media shutdown
News16 hours ago
Back to school in 4 provinces as Omicron spreads – CTV News
Economy15 hours ago
China’s Economy Slowed Late Last Year on Real Estate Troubles – The New York Times
News22 hours ago
Omicron: 'Let it rip' not the solution, experts say – CTV News
Business22 hours ago
UK government to cut funding for BBC – Mail on Sunday report
Science15 hours ago
Roberta Bondar flew into space 30 years ago and never saw Earth the same after that – CBC.ca
Business23 hours ago
HVAC scams and how to stop them; why can't retail workers get N95 masks? CBC's Marketplace Cheat Sheet – CBC News
News14 hours ago
Winter storm slams U.S. East Coast, Canada, thousands of flights canceled
Tech22 hours ago
Wordle! and Wardle team up to donate proceeds from an unrelated app’s popularity spike – The Verge