Deficiency leads to 100 hack attempts per minute, security firm says

A widespread lack of computer code leads to 100 new hack attempts every minute, security firm says. Check Point said it had attempted to exploit vulnerabilities in more than 40% of the company's network worldwide.

An American official said the Log4shell vulnerability poses a "serious risk." The company warns that criminal groups are actively exploiting it. Corrections have been published but need to be implemented. Popular apps and cloud services are affected.

The code, written in the Java Log4J programming language that contains the error, is used by millions of computers running online services. And the ease with which hackers can exploit vulnerabilities is "similar to someone realizing that a letter to your inbox with a specific address could open all the doors in your house."

Cybersecurity professionals often use words like "critical" and "urgent" when a fatal bug is discovered. But in this crisis, another word appeared - "trivial." According to Crowdstrike, the flaws that everyone is trying to fix are "trivial."

When vulnerabilities are discovered in a computer system, there is often little time to fix them. Cybercriminals need to figure out how to attack, and usually, only the most innovative teams can do that in the first few hours.

But in this case, of course, very simple. We still don't know how many of these attack attempts were successful - but these incidents could cost the victim's business a lot.

Researchers at Chinese technology firm Alibaba discovered the flaw last month. But it caught the public's attention after it was found to affect several websites hosting Java-based versions of Minecraft.

Before the bug was published, the Apache Software Foundation, which monitors the Log4j code, issued a fix, giving the issue a "10" rating, the highest severity rating. Cloudflare's chief technology officer, John Graham-Cumming, told Verge he's only seen two other problems of similar severity in the last ten years.