Many big tech companies still battling the Log4j bug, which became a disaster for the Internet


Some of the world’s biggest tech companies are still struggling to protect their products from bugs in the common logging software Log4j. This situation is when hackers have started trying to take advantage of this vulnerability vulnerability a week ago. Cisco Systems, IBM, VMware and Splunk were among companies that had multiple pieces of faulty software being used by customers on Thursday, according to a running tally published by the US Cyber ​​Security and Infrastructure Security Agency.

Logging software is a universal software that tracks activities such as site visits, clicks and chats. read also

Earlier this month, a researcher at Chinese tech company Alibaba warned the non-profit Apache Software Foundation that Log4j would not only track chats or clicks, but also follow links from external sites. With this, it can let a hacker take control of the server.

Apache released a fix for the program, but thousands of other programs use this free logger. There are many free software among them, which are maintained by volunteers. Also, there are programs of many big companies, in which some engineers work round the clock in many programs.

Kevin Beaumont, a security threat analyst helping CISA compile the list, said that many vendors still do not have security patches for this vulnerability.

Some companies, including Cisco Cisco, are updating the guidance several times daily to reduce or detect intrusions.

As of Thursday, CISA’s list included about 20 Cisco products that were vulnerable to attacks due to lack of patches. These included the Cisco WebEx Meetings Server, the Cisco Umbrella, and a cloud security product.

A company spokesperson said Cisco has tested more than 200 products and about 130 are safe. Software patches are available for many of the affected products.

VMware is also continuously updating the advisory on its site. Splunk Splunk has also removed the list. Along with this, suggestions have also been given to deal with hackers trying to misuse the vulnerability.

IBM has listed the product as non-vulnerable but has also said that it does not confirm or disclose external vulnerability until a fix is ​​available.

,