It wasn’t a good weekend for security pros all over the world. Alibaba Cloud disclosed a vulnerability in a Java logging service named Log4j. The first reports were seen as vulnerabilities in Minecraft servers but the attack surface quickly exploded as the number of programs and platforms that incorporated Log4j grew. We discuss this story and more on this week’s Rundown.
Alexa shutting down. No, the other one | 1:04
In the grand old days of the Internet, if you wanted to know what the most popular sites were, you needed to ask Alexa. Not the AI powering the Amazon Echo speaker but the site Alexa.com, which was the top site for page ranking and reach. In a recent announcement, the team behind the tool said that they are shutting down the service on May 1, 2022. They are no longer taking paid subscriptions as of last week and will be sunsetting the service over the next six months.
As previously reported on the Rundown, Jessica Rosenworcel was up to be appointed to the FCC for another term. Last week the US Senate not only renewed her appointment but made her the first female chair of the FCC. Rosenworcel had been serving in the interim chair role since the departure of Ajit Pai earlier this year. The appointment means that the board is now 2-2 with members from both political parties. The move is widely seen as a sign that there will be opposition to the nomination of Gigi Sohn, who is seen as a more reform-minded member.
Last week was a big one for Mitchell Hashimoto and his little cloud company, HashiCorp. The software provider debuted on NASDAQ with an IPO at $80/share. The move valued the company at $14 billion and the stock offering raised $1.2 billion in total for HashiCorp. The price has risen since then, reflecting the interest in owning a part of a company that provides so many tools that help run the modern cloud infrastructure.
One of the largest timekeepers on the planet is on the clock for ransomware. Kronos Private Cloud posted a message to their customers this week saying that they have been affected by a major ransomware infection. Tellingly, the message also said that customers needed to move to using a backup solution for timekeeping. Kronos is the primary workforce time solution for a large number of business chains, including Sainsbury's and Land Rover, as well as a number of hospitals and government agencies. Impacts are unknown at this time but might affect payroll systems that integrate with Kronos, as well as work scheduling, in the near future.
It wasn’t a good weekend for security pros all over the world. Alibaba Cloud disclosed a vulnerability in a Java logging service named Log4j. The first reports were seen as vulnerabilities in Minecraft servers, but the attack surface quickly exploded as the number of programs and platforms that incorporated Log4j grew. The attack involves passing specially crafted messages to the logging server that allow Java code to be executed arbitrarily even after the logging message has been written. The security world has been on high alert trying to patch the vulnerabilities as they are found, and companies are scrambling to figure out what is affected. The incident has also raised questions about the way that companies leverage open source software in their products.
The Gestalt IT Rundown is a live weekly look at the IT news of the week. It broadcasts live on Facebook every Wednesday at 12:30pm ET.