Dangerous new flaw used by hackers 100 times every minute could wreak HAVOC on your PC

A NEWLY discovered flaw, which researchers claim that hackers are trying to exploit 100 times every minute to break into PCs, poses a “severe risk” to the entire internet. Here’s what you need to know about Log4j and how to protect yourself.

Log4j hack discovered

Log4j hack discovered targeting PCs 100 times every single minute (Image: GETTY)

This article contains affiliate links, we may receive a commission on any sales we generate from it. Learn more

Sign up for FREE for the biggest new releases, reviews and tech hacks

Invalid email

We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info

Hackers are attempting to exploit a critical, zero-day vulnerability hundreds of thousands of times. The flaw is known as Log4j, with security experts scrambling to stop the threat in its tracks. The critical issues was discovered in Log4j, which is a Java library used for recording error messages in applications, and any device that uses versions 2.0 to 2.14.1 and connects to the internet is exposed to this.

A wide variety of popular devices and products use Log4j, such as the Java version of hugely popular game Minecraft. PC gaming service Steam also uses Log4j, as does Apple’s iCloud service, which iPhone, iPad, and Mac owners rely upon to store crucial data – like settings data, photos, documents and more – in the cloud.

The Log4j vulnerability can be exploited to steal sensitive information such as usernames and passwords as well as installing dangerous malware on affected devices.

Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, said the Log4j flaw poses a “severe risk” to the entire internet. Easterly said: “This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use.”

The way hackers have been exploiting the Log4j flaw varies depending on the programme being targeted. With the Java version of Minecraft, there have been reports the flaw was exploited via the game’s chat box.

Thankfully, a fix for this flaw is available in version 2.15.0 of Log4j. And hundreds of thousands of IT teams around the world are trying to update their systems accordingly.

Phone security: How hackers can obtain private information

The problem is it can take time for these updates to be applied across the board, so it might be months until everyone is safe once again.

Underlining the high-stakes of the situation, Adam Meyers – from cybersecurity firm Crowdstrike – said: “The internet’s on fire right now. People are scrambling to patch, and all kinds of people scrambling to exploit it.”

While Joe Sullivan, chief security officer for Cloudflare, said: “I’d be hard-pressed to think of a company that’s not at risk”.

And Amit Yora, the CEO of Tenable, labelled the Log4j flaw as the “single biggest, most critical vulnerability of the last decade”.

To stay safe, keep an eye out for any updates that could be push out for the OS’s and services you use in the coming days, weeks and months. For the Java Edition of Minecraft, Microsoft has pushed out the 1.18 update which will help keeps users safe from the flaw.

Harry Byrne

Harry Byrne

Related post