During the weekend, companies and governments around the weekend rushed to ward off electronic attacks that are looking to exploit a dangerous defect in one of the widely used internet programs, which security experts have warned that it may give infiltrators comprehensively to networks.
Cyber security researchers said that the error, hidden in a mysterious part of the server program called "Log4J", represents one of the biggest risks that have been seen in recent years, because this software is widely used in corporate networks, according to a newspaper.Wall Street Journal (Wall Street Journal).
The "Log 4 J" development team was informed of the vulnerability in the program late last month, and they are a group of volunteer programmers who distribute their programs for free as part of the "Apache Software Foundation", according to Ralph Gors, a volunteer inThe project.
The Foundation, a non -profit group that helps in overseeing the development of many open source programs, warned its user community on the gap on December 9.
"It is a very critical issue," Gors said.."People need to upgrade to obtain reform"."Log 4 J" is used on servers to keep records of user activities so that they can be reviewed later by program development teams or safety teams.
And since "Logi 4G" is distributed for free, it is not clear that the number of servers affected by this error, but the registration program has been downloaded millions of times, Gors said.
The Cyber Security and Infrastructure Security Agency of the Ministry of Internal Security in the United States of America issued an urgent alert about the security vulnerability, and urged companies to take measures.
"In order to be clear, this vulnerability is a great danger..We will only reduce the possible effects through the cooperative efforts between the government and the private sector..
During the weekend, the German Cybersonian Security issued a "red alert" about the error.Australia described this issue as "critical".
Security experts warned that it may take weeks or more to assess the extent of damage, and that infiltrators who take advantage of the security vulnerability can access sensitive data on networks and install the rear doors that they can use to maintain their ability to reach servers even after correcting the defective program.
Aaron Burnoy, a scientist at the security company "Randouri", said: It is one of the most important weaknesses that I have seen for a long time.
Security experts noted that many companies have other operations that would prevent the harmful infiltrators from operating programs and storming these companies, which may limit the implications of the error..
"The attackers are examining all the network points in search of weaknesses," Microsoft said in the alert letter to customers..Amazon, Twitter and CISCO Systems were among the companies that they said are conducting their own investigations into the problem.
"We are actively monitoring this problem, and we are working on it," said Amazon, the largest cloud computing company in the world..
This is not the first time that an open source program has raised security concerns.In 2014, Internet users all over the world were urged to reset their passwords after discovering another problem known as "Heartbleed" in "OpenSSL", which is a mysterious but everywhere partFrom the Internet programs designed by volunteers.
Researchers said that the infiltrators started to exploit the defect on a large scale on Friday, including access to the servers that occupy the Minecraft game from Microsoft from Microsoft.
The researchers soon noticed widespread scanners and attempts to publish a "Log 4 J" error online.In a memorandum published on Friday, Microsoft advised some Minecraft players to upgrade their programs to correct the error.
During almost 24 hours, the Check Point Software Technologies LTD said it had seen more than a hundred thousand attempts to exploit the error, almost half of which were from virgin e -attackers.
Dutch researcher Kaz Van Coutin is that he had discovered the error in Apple's servers, which may give him a way to operate code within the company network.Cotin said he immediately informed Apple of the problem.
Another researcher said that the advisers working with his security company, Black Mirage, were able to discover the error in the systems run by other companies, including Twitter and LinkedIn, also owned by Microsoft.
"Our teams are looking at it, but we have no details to share it at the present time," said a Twitter spokeswoman on Friday.."While we respond to this like safety teams in many companies, we are not facing any active problem now," a LinkedIn spokeswoman said through a text message..
And since all types of data are recorded by servers, from email addresses to web mobility requests, these attempts can give attackers a foothold on a weak servant in the depths of corporate networks.
As Ryan McGihan, an independent security adviser, said, was a former Facebook security manager (Facebook..The attacker cannot be sure where it will end up. ".
Cisco is investigating more than 150 of its products to find a "Logi 4G" error.A spokesman for the company said on Saturday that it had found 3 products at risk so far, and that 23 of them are not at risk.