CyberNews Briefs

Alibaba Suffers Government Crackdown Over Log4j

Alibaba, a Chinese tech giant, has reportedly been criticized by China’s top tech regulator for failing to report the infamous Log4j vulnerability quickly enough. The firm’s Alibaba Cloud business did not report the flaw to the Ministry of Industry and Information Technology (MIIT) in a timely manner as required by the Provisions on Security Loopholes of Network Products, a protocol enacted by China as of September. The protocol mandates that vulnerabilities be reported immediately to the manufacturer and within two days to Chinese authorities. Due to the lack of timely reporting, Alibaba Cloud has been suspended from MIIT’s threat information sharing platform for six months.

Chen Zhaojun, a researcher at Alibaba Cloud, is credited with finding the first bug, called “Log4Shell,” in the popular logging utility. The vulnerability was given a CVSS severity score of 10, the highest rating allotted by the system. According to researchers, the utility is near-ubiquitous in enterprises and can be hard to find, and the flaw is easy to exploit. Although Chen reportedly notified Apache on November 21, MIIT only became aware of it on December 9.

OODA Analyst
