The pushback from MIIT arrives months after the Chinese government issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws, alongside entities or individuals engaged in network product security vulnerability discovery, to report them first-hand to the government authorities mandatorily within two days. "This vulnerability may cause the device to be remotely controlled, which will cause serious hazards such as theft of sensitive information and device service interruption," the MIIT had previously said in a public statement published on December 17, adding it was only made aware of the flaw on December 9, 15 days after the initial disclosure. Israeli security firm Check Point noted that it has blocked over 4.3 million exploitation attempts so far, with 46% of those intrusions made by known malicious groups. Worried about insider threats? We've got you covered! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management. Shield Against Insider Threats: Master SaaS Security Posture Management
#Alibaba china series#
In the ensuing days, further investigation into Log4j by the cybersecurity community has since uncovered three more weaknesses in the Java-based tool, prompting the project maintainers to ship a series of security updates to contain real-world attacks exploiting the flaws. Post the bug's public disclosure, Log4Shell has been subjected to widespread exploitation by threat actors to take control of susceptible servers, thanks to the near-ubiquitous use of the library, which can be found in a variety of consumer and enterprise services, websites, and applications - as well as in operational technology products - that rely on it to log security and performance information.
#Alibaba china Patch#
Log4Shell came to light after Chen Zhaojun of Alibaba cloud security team sent an email alerting the Apache Software Foundation (ASF) on November 24 about the flaw, adding that it "has a major impact." But just as the fix was being put in place, details of the vulnerability were shared on a Chinese blogging platform by an unidentified actor on December 8, sending the Apache team scrambling to release a patch on December 10.
#Alibaba china code#
Tracked as CVE-2021-44228 (CVSS score: 10.0) and codenamed Log4Shell or LogJam, the catastrophic security shortcoming allows malicious actors to remotely execute arbitrary code by getting a specially crafted string logged by the software. "In response, MIIT suspended a cooperative partnership with the cloud unit regarding cybersecurity threats and information-sharing platforms." "Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China's telecommunications regulator," Reuters said. The development was disclosed by Reuters and South China Morning Post, citing a report from 21st Century Business Herald, a Chinese business-news daily newspaper.
China's internet regulator, the Ministry of Industry and Information Technology (MIIT), has temporarily suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months on account of the fact that it failed to promptly inform the government about a critical security vulnerability affecting the broadly used Log4j logging library.
0 kommentar(er)
