German Cybersecurity Watchdog Warns Of Danger At Log4j

JAKARTA - Germany's federal government cybersecurity watchdog, BSI, on Saturday, December 11 issued a red alert, the highest level of warning, on a flawed piece of widely used software. They said it was a "very critical threat" to web servers.

A vulnerability in a Java-based library known as Log4j could be exploited to allow a complete takeover of an affected system, BSI said in a statement on its website.

"The reason for this assessment is the very wide distribution of the affected product and the associated impact on countless other products. The vulnerability is also easy to exploit, and proof of concept is publicly available," BSI said as quoted by Reuters.

"BSI is aware of worldwide and German mass scanning and compromise attempts. Successful initial compromises were also publicly reported," he added.

BSI says that while there is a security update for Log4j, all products that use it will also need to adapt. They recommend that companies and organizations implement the steps outlined in the cybersecurity warning.