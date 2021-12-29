Sign up for our daily briefing

Attackers in China using open-source Log4j flaw

Ina Fried
Ina Fried, author of Login

Illustration: Annelise Capossela/Axios

A group of Chinese attackers has been using the massive vulnerability in Log4j, common piece of open-source code, to target a large academic institution, Crowdstrike says.

Why it matters: Experts say hundreds of millions of systems are vulnerable and that attacks based on the flaw are continuing.

The latest: CrowdStrike said its software observed an attack that exploited the Log4j flaw in software from VMware.

  • The attack came from a China-based group dubbed Aquatic Panda that has been conducting intelligence gathering and industrial espionage, CrowdStrike said.

The big picture: Some security experts, including Cybersecurity and Infrastructure Security Agency (CISA) head Jen Easterly, have called the flaw among the worst they have ever seen.

  • Experts have told Axios the Log4j flaw is especially pernicious because the open source software is widely used within business software and networking gear — often without companies even knowing it is being used. On top of that, the flaw is easily exploited and can provide extensive access.

Be smart: CISA is maintaining a list of known affected products here.

Go deeper:

Go deeper

Barak Ravid, author of from Tel Aviv
8 mins ago - World

Israeli defense minister hosts Palestinian president for rare meeting

Mahmoud Abbas. Photo: Mikhail Svetlov/Getty Images

Palestinian President Mahmoud Abbas visited the home of Israeli Defense Minister Benny Gantz on Tuesday for his first official meeting in Israel since 2010.

Why it matters: This was the second meeting between Abbas and Gantz in four months, and is part of a broader effort by Israel's new government and the Palestinian Authority to reset relations.

Go deeper (2 min. read)Arrow
Axios
Updated 36 mins ago - Politics & Policy

Omicron dashboard

Illustration: Shoshana Gordon/Axios

  1. Health: CDC slashes estimate of Omicron case prevalence — Over 85 cruise ships under CDC investigation following outbreaks.
  2. Politics: Trump surgeon general slams new CDC guidelines on isolation — "We have more work to do" on testing capacity, Biden says.
  3. Sports: NBA cuts isolation time for some players who test positive.
  4. States: Federal court denies Oklahoma's attempt to block Pentagon vaccine mandate — D.C. has highest rate of infection in the U.S., report says — NYC schools to reopen with huge testing boost.
  5. World: India authorizes 2 vaccines — Delta says flight to Shanghai turned back due to COVID rules.
  6. Variant tracker: Where different strains are spreading.
Go deeper (1 min. read)Arrow
Erin Doherty
3 hours ago - Politics & Policy

Top health officials defend CDC's change to COVID isolation period

Top health officials in the Biden administration are pushing back against criticism of the Centers for Disease Control and Prevention's move to cut the recommended isolation time for people who test positive for COVID-19 from 10 days to five days if they're asymptomatic.

Driving the news: "This is one of those situations ... that we often say, you don't want the perfect to be the enemy of the good," NIAID director Anthony Fauci told MSNBC's Chris Hayes on Tuesday.

Go deeper (1 min. read)Arrow