The Federal Trade Commission has a message for companies that do not take into account the threats posed by log4j: patch up or advocate up. Consider yourself careful.
By now, you must have heard The above bug: This is a big, terrible security vulnerability (CVE-2021-44228) Is currently causing problems for a large part of the Internet Multiple vulnerabilities The ones that have been discovered but the primary ones are the ones that are causing the most problems). In fact, since its discovery in early December, log4j has forced the drives of the biggest companies on the web to scramble and patch their products and systems before they fall into the hands of criminal hackers. Tuesday FTC Has issued a stern warning Companies that do not fully prioritize this whole process.
“It’s important that companies and their vendors rely on Log4j now to act in order to reduce the risk of loss to customers and to avoid FTC legal action,” the company said. A statementNote that the corresponding bugs currently “pose a serious risk to millions of consumer products of enterprise software and web applications.” The FTC added that it would “exercise its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure to Log4j, or similar known vulnerabilities in the future.”
The FTC has the power to sue companies for sub-standard security practices that endanger customer data. (2015 a U.S. Court of Appeals judgment As far as decided.) This is not the first time that the FTC has taken action against companies for not doing enough to protect people’s data. In 2017, for example, The FTC has sued Taiwanese IoT hardware provider D-Link and its American subsidiary for misrepresenting the security of its smart home products. The company too Helped safely 2019 7o0 million settlement from Equifax in 2019 A catastrophic data breach.
The new FTC announcement may sound a little aggressive, but it’s certainly wise; The log4j vulnerability has already caused a lot of problems, one of which Cascade of malicious activity And a number of high-profile Hacking incidents. Bugs, which exist in the free, open-source logging library of Apache, are used by most major platforms on which most Americans rely. (Think of brands like Amazon, Apple, Cloudflare, Twitter, LinkedIn, etc.)
The FTC also provided a link to the latest Apache software package update in its announcement to provide some support to businesses rather than just legal threats, as well as guidance from the Cybersecurity and Infrastructure Security Agency on how to mitigate vulnerabilities. If you are interested, you can check out all that Here. And if you’re a company, just patch it up already.