CSA raises alert on ‘critical’ Log4j software vulnerability; users urged to patch systems
SINGAPORE: The Cyber Security Agency of Singapore (CSA) has raised the alert on a critical vulnerability in a widely used piece of software known as Log4j, after US authorities warned that "a growing set" of hackers are actively attempting to exploit the flaw.
Log4j is open-source software used to support activity logging in many Java-based applications. Logging software tracks activity such as site visits, clicks and chats.
"As it is widely used by developers, this vulnerability can have very serious consequences," said CSA in a media release on Friday (Dec 17).
"Successful exploitation of this vulnerability will allow an attacker to gain full control of the affected servers," it added.
"The situation is evolving rapidly and there have already been numerous observations of ongoing attempts by threat actors to scan for and attack vulnerable systems."
Singapore authorities are checking and patching government systems "thoroughly", said Minister for Communications and Information Josephine Teo in a Facebook post.
"But it will not be enough and we need to keep vigilant," Mrs Teo said, adding that CSA briefed trade associations and chambers on Friday morning.
"While the situation is serious, there are always proactive steps we can take. I urge CII (critical information infrastructure) owners, business leaders or developers to identify the potential risks in your systems and close these gaps quickly."
Artmotion Asia