It wasn’t a good weekend for security pros all over the world. Alibaba Cloud disclosed a vulnerability in a Java logging service named Log4j. The first reports were seen as vulnerabilities in Minecraft servers but the attack surface quickly exploded as the number of programs and platforms that incorporated Log4j grew. We discuss this story and more on this week’s Rundown.
Alexa shutting down. No, the other one | 1:04
In the grand old days of the Internet, if you wanted to know what the most popular sites were you needed to ask Alexa. Not the AI powering the Amazon Echo speaker but the site Alexa.com, which was the top page ranking and reach. In a recent announcment, the team behind the tool has announced that they are shutting down the service on May 1, 2022. They are no longer taking paid subscriptions as of last week and will be sunsetting the service over the next six months
Read More: We will be retiring Alexa.com on May 1, 2022
Jessica Rosenworcel confirmed as new FCC Chair | 4:19
As previously reported on the Rundown, Jessica Rosenworcel was up to be appointed to the FCC for another term. Last week the US Senate not only renewed her appointment but made her the first female chair of the FCC. Rosenworcel had been serving in the interim chair role since the departure of Ajit Pai earlier this year. The appointment means that the board is now 2-2 with members from both political parties. The move is widely seen as a sign that there will be opposition to the nomination of Gigi Sohn, who is seen as a more reform minded member.
Read More: The Senate confirms Jessica Rosenworcel as the first female FCC chair
HashiCorp IPOs and raises $1.2 Billion | 7:50
Last week was a big one for Mitchell Hashimoto and his little cloud company, HashiCorp. The software provider debuted on NASDAQ with a IPO at $80/share. The move valued the company at $14 billion and the stock offering raised $1.2 billion in total for HashiCorp. The price has risen since then, reflecting the interest in owning a part of a company that provides so many tools that help run the modern cloud infrastructure.
Read More: Cloud darling Hashicorp’s IPO raises $1.22bn amid modest gains from a $80 start
Kronos KOed by Ransomware Attack | 12:52
One of the largest timekeepers on the planet is on the clock for ransomware. Kronos Private Cloud posted a message to their customers this week saying that they have been affected by a major ransomware infection. Tellingly, the message also said that customers needed to move to using a backup solution for timekeeping. Kronos is the primary workforce time solution for a large number of business chains, including Sainsburys and Land rover, as well as a number of hospitals and government agencies. Impacts are unknown at this time but might affect payroll systems that integrate with Kronos as well work scheduling in the near future.
Log4j Creates Lost Weekend of Patching
It wasn’t a good weekend for security pros all over the world. Alibaba Cloud disclosed a vulnerability in a Java logging service named Log4j. The first reports were seen as vulnerabilities in Minecraft servers but the attack surface quickly exploded as the number of programs and platforms that incorporated Log4j grew. The attack involves passing specially crafted messages to the logging server that allows for Java code to be executed arbitrarily even after the logging message has been written. The security world has been on high alert trying to patch the vulnerabilities as they have been found and companies scrambling to figure out what is affected. The move has also raised questions about the way that companies leverage open source software in their products.
Read More: Companies scramble to defend against newly discovered ‘Log4j’ digital flaw
National Vulnerability Database
The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on Facebook every Wednesday at 12:30pm ET. To watch along, “Like” our Facebook page. Be sure to subscribe to Gestalt IT on YouTube for even more weekly video content.
