1. A vulnerability in the open source Apache logging library Log4j sent system administrators and security professionals scrambling over the weekend. Known as Log4Shell, the flaw is exposing some of the world's most popular applications and services to attack, and the outlook hasn't improved since the vulnerability came to light on Thursday. If anything, it's now excruciatingly clear that Log4Shell will continue to wreak havoc across the internet for years to come. Hackers have been exploiting the bug since the beginning of the month, according to researchers from Cisco and Cloudflare. But attacks ramped up dramatically following Apache's disclosure on Thursday. So far, attackers have exploited the flaw to install crypto-miners on vulnerable systems, steal system credentials, burrow deeper within compromised networks, and steal data, according to a recent report from Microsoft. (via wired.com)
2. Cyber-warfare “(I)t has become clear that like all realms of conflict, the domain of cyberspace is shaped not by a binary between war and peace but by a spectrum between those two poles—and most cyberattacks fall somewhere in that murky space. The obvious upside of this outcome is that the worst fears of death and destruction have not been realized. There is a downside, however: the complex nature of cyber-conflict has made it more difficult for the United States to craft an effective cyber-strategy. And even if lives have not been lost and infrastructure has mostly been spared, it is hardly the case that cyberattacks have been harmless. U.S. adversaries have honed their cyber-skills to inflict damage on U.S. national security, the American economy, and, most worrisome of all, American democracy. Meanwhile, Washington has struggled to move past its initial perception of the problem, clinging to outmoded ideas that have limited its responses. The United States has also demonstrated an unwillingness to consistently confront its adversaries in the cyber-realm and has suffered from serious self-inflicted wounds that have left it in a poor position to advance its national interests in cyberspace.” (via foreignaffairs.com)
3. For decades, American military planning was based on the idea that the US should be able to fight two wars, in different parts of the world, simultaneously. But even the gloomiest strategists did not plan for three wars at the same time. The administration of Joe Biden, however, is currently facing militarised crises in Europe, Asia and the Middle East. Collectively, they amount to the biggest challenge to America’s global power since the end of the cold war. American officials have briefed that Russia is planning an invasion of Ukraine “as soon as early 2022.” Meanwhile, Lloyd Austin, America’s defence secretary, has warned that China’s military maneuvers near Taiwan look like rehearsals for a full-scale invasion. Iran may also be weeks away from creating enough fissile material to manufacture a nuclear weapon — an outcome the US has spent decades trying to stop. Ambrose Evans-Pritchard wrote a very similar column on this subject five days ago. (via ft.com, telegraph.co.uk)
Keep reading with a 7-day free trial
Subscribe to News Items to keep reading this post and get 7 days of free access to the full post archives.