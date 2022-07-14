A computer vulnerability discovered last year in a ubiquitous piece of software is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity panel created by President Joe Biden.



The Cyber Safety Review Board said in a report Thursday that while there hasn’t been sign of any major cyberattack due to the Log4j flaw, it will still “be exploited for years to come.”



“Log4j is one of the most serious software vulnerabilities in history,” the board’s chairman, Department of Homeland Security Under Secretary Rob Silvers, told reporters Wednesday.



The Log4j flaw, made public late last year, lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. The first obvious signs of the flaw’s exploitation appeared in Minecraft, a hugely popular online game owned by Microsoft.



The flaw’s discovery prompted urgent warnings by government officials and massive efforts by cybersecurity professionals to patch vulnerable systems.



The board said Thursday that “somewhat surprisingly” the exploitation of the Log4j bug had occurred at lower levels than experts predicted. The board also said that it was unaware of any “significant” Log4j attacks on critical infrastructure systems but noted that some cyberattacks go unreported.



The board said future attacks are likely in large part because Log4j is routinely embedded with other software and can be hard for organizations to find running in their systems.



“This event is not over,” Silvers said.



Log4j, written in the Java programming language, logs user activity on computers. Developed and maintained by a handful of volunteers under the auspices of the open-source Apache Software Foundation, it is extremely...