Chinese hackers are already exploiting a ‘fully weaponized’ software vulnerability that is causing mayhem on the web, with experts warning that it is the ‘most serious threat they have seen in decades.
The flaw was uncovered earlier this month in a piece of software called Log4j, which helps applications interact with one another across computer networks. By exploiting the flaw, dubbed Log4Shell, hackers can take control of servers that run the network and repurpose them for their own ends.
That could mean stealing data on those servers such as medical records and photos, plundering company databases for people’s bank details, or locking up servers and extorting firms in so-called ‘ransomware’ attacks.
And there is little that most ordinary users can do to stop this from happening or any way to tell if data has been stolen in this way. As one cybersecurity source who spoke to MailOnline put it: ‘This is where you put your faith in the lap of the computer Gods and hope it gets fixed soon.’
Data will only be vulnerable to this hack if it has been stored on a server that uses an API – an ‘application programming interface’, effectively an invisible cog that helps computer networks turn – which incorporates Log4J, the expert added.
It means, for example, that photos which have never been uploaded to the internet should be safe – but many phones will automatically back up images online without users being aware of it. READ MORE
