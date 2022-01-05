

FTC warns of legal action against organizations that fail to patch Log4j flaw

Carly Page

U.S. organizations that fail to secure customer data against Log4Shell, a zero-day vulnerability in the widely used Log4j Java logging library, could face legal repercussions, the Federal Trade Commission (FTC) has warned.

In an alert this week, the consumer protection agency warned that the “serious” flaw, first discovered in December, is being exploited by a growing number of attackers and poses a “severe risk” to millions of consumer products. The public letter urges organizations to mitigate the vulnerability in order to reduce the likelihood of harm to consumers and to avoid potential legal action.

“When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss and other irreversible harms,” the agency said. “The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action.”

The FTC highlighted the case of Equifax, which failed to patch a known Apache Struts flaw back in 2017, leading to the compromise of sensitive info on 147 million consumers. The credit reporting agency subsequently agreed to pay $700 million to settle with the agency and individual states.

“The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future,” the FTC said, adding that it plans to apply its legal authority to protect consumers in the cases of “similar known vulnerabilities in the future.”

For organizations keen to dodge a potential multi-million-dollar fine, the FTC is encouraging them to follow guidance issued by the US Cybersecurity and Infrastructure Security Agency (CISA). This urges businesses to update Log4j software packages to the most recent version, to take steps to mitigate the vulnerability, and to distribute information about the vulnerability to third parties and consumers who may be vulnerable.

The FTC’s warning shot comes after Microsoft this week warned that the Log4Shell vulnerability remains a “complex and high-risk” situation for companies, adding that “exploitation attempts and testing remained high during the last weeks of December,” with lower-skilled attackers and nation-state actors alike taking advantage of the flaw.

“At this juncture, customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments,” it added. “Due to the many software and services that are impacted and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance.”
