Singapore government patching systems after alert on ‘critical’ Log4j software vulnerability

Singapore government patching systems after alert on 'critical' Log4j software vulnerability

SINGAPORE: Singapore authorities are checking and patching government systems “thoroughly” to guard against a critical vulnerability in a widely used software known as Log4j, said Minister for Communications and Information Josephine Teo on Friday (Dec 17).

This comes after the US cybersecurity agency warned that “a growing set” of hackers are actively attempting to exploit the flaw.

Log4j is an open-source software used to support activity-logging in many Java-based applications. Logging software tracks activity such as site visits, clicks and chats.

In a media release on Friday, the Cyber Security Agency of Singapore (CSA) said it has raised the alert on the Log4j vulnerability, urging businesses to implement mitigation measures.

“As it is widely used by developers, this vulnerability can have very serious consequences. Successful exploitation of this vulnerability will allow an attacker to gain full control of the affected servers,” said CSA.

“The situation is evolving rapidly and there have already been numerous observations of ongoing attempts by threat actors to scan for and attack vulnerable systems.”

In a Facebook post, Mrs Teo noted that security researchers have flagged it as one of the most serious cyber vulnerabilities.

“We are taking this seriously. Our teams at CSA and GovTech (Government Technology Agency of Singapore) are checking and patching our government systems thoroughly as we speak. But it will not be enough and we need to keep vigilant,” she wrote.

Mrs Teo added that CSA briefed trade associations and chambers on Friday morning.

“While the situation is serious, there are always proactive steps we can take. I urge CII (critical information infrastructure) owners, business leaders or developers to identify the potential risks in your systems and close these gaps quickly.”

This content was originally published here.

Laat een reactie achter

Het e-mailadres wordt niet gepubliceerd.