On a scale from 1 to 10, it is a 10: a critical security gap threatens the Internet. Security experts are trying to close it; meanwhile, the first cyberattacks are already under way.
Experts warn of the Log4Shell vulnerability.
It threatens large parts of the Internet. The extent is not yet entirely clear.
There are already first attacks that can be traced back to the vulnerability.
A newly discovered vulnerability threatens servers all over the world.
The vulnerability could hit companies like Apple and Twitter.
IT experts are working to close it.
A dangerous weak point in widely used server software has set alarm bells ringing for IT experts. The Federal Office for Information Security (BSI) raised its warning level for the security gap from orange to red on Saturday. Attack attempts have been made worldwide, some of which have been successful, the office said in explaining the move. “The extent of the threat cannot be conclusively determined at the moment,” warned the office, which is also responsible for the federal government's IT security.
The vulnerability, designated Log4Shell, was rated 10 on a scale from 1 to 10, i.e. the worst level. Anyone who exploits the vulnerability can gain full access to a PC on which it has not been fixed. A New Zealand emergency team reported that the vulnerability was in a utility written in Java for Apache servers that is used to log user activity. It had already been exploited a few hours after it became known.
Government also affected
Researchers reported indications that the security gap can be exploited in servers of companies such as Apple, Amazon, Twitter and Cloudflare. Via the gap, code on servers can be changed from the ground up.
According to information from “Spiegel”, several offices in the German federal administration are also affected by the serious vulnerability. “If there is a weak point with this distribution, the federal administration is also affected,” according to the report from the Federal Office for Information Security (BSI). The authority is aware of individual vulnerable systems, and appropriate protective measures have already been initiated.
So far there is no evidence that the weak point in the federal administration has actually been exploited. According to the BSI, the problem has already been resolved in at least some cases.
Race with hackers
“The Internet is on fire right now,” said Adam Meyers, vice president of the cybersecurity firm CrowdStrike. Some tried to patch the gap, while others wanted to take advantage of it and turned it into a weapon. Invisible to Internet users, a race took place over the weekend between IT experts and online criminals who automatically search for vulnerable servers.
“At the moment the priority is to find out how widespread the problem really is,” said Rüdiger Trost from the IT security company F-Secure. “Unfortunately, not only security teams, but also hackers work overtime to find the answer.”
Consumers not yet affected
According to the German IT security authority BSI, the dangerous weak point in much-used server software does not yet have any immediate consequences for consumers. “Cell phones and iPads have not yet been affected, you have to be very clear,” said the President of the Federal Office for Information Security (BSI), Arne Schönbohm, on Monday in Bonn. Rather, authorities and companies are affected, and “in the end it is the consumer who uses these services”. (dpa)