FTC warns of legal action against organizations that fail to patch Log4j flaw

Published by
Peter Kavinsky

U.S. organizations that fail to secure customer data against Log4Shell, a zero-day vulnerability in the widely-used Log4j Java logging library, could face legal repercussions, the Federal Trade Commission (FTC) has warned.

In an alert this week, the consumer protection agency warned that the “serious” flaw, first discovered in December, is being exploited by a growing number of attackers and poses a “severe risk” to millions of consumer products. The public letter urges organizations to mitigate the vulnerability in order to reduce the likelihood of harm to consumers and to avoid potential legal action.

“When vulnerabilities are discovered and exploited, it risks a loss or breach of personal information, financial loss and other irreversible harms,” the agency said. “The duty to take reasonable steps to mitigate known software vulnerabilities implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act. It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action.”

The FTC highlighted the case of Equifax, which failed to patch a known Apache Struts flaw back in 2017, leading to the compromise of sensitive info on 147 million consumers. The credit reporting agency subsequently agreed to pay $700 million to settle with the agency and individual states.

“The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future,” the FTC said, adding that it plans to apply its legal authority to protect consumers in the cases of “similar known vulnerabilities in the future.”

For organizations keen to dodge a potential multi-million-dollar fine, the FTC is encouraging that they follow guidance issued by the US Cybersecurity and Infrastructure Security Agency (CISA). This urges businesses to update Log4j software packages to the most recent version, to take steps to mitigate the vulnerability, and to distribute information about the vulnerability to third-parties and consumers who may be vulnerable.

The FTC’s warning shot comes after Microsoft this week warned that the Log4Shell vulnerability remains a “complex and high-risk” situation for companies, adding that “exploitation attempts and testing remained high during the last weeks of December,” with lower-skilled attackers and nation-state actors alike taking advantage of the flaw.

“At this juncture, customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments,” it added. “Due to the many software and services that are impacted and given the pace of updates, this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance.”

Source: Tech

Peter Kavinsky

Peter Kavinsky is the Executive Editor at cablefreetv.org

Share
Published by
Peter Kavinsky

Recent Posts

  • News

Ancelotti will leave Real Madrid: “I’m leaving after the whites” | Sports

Italian Carlo Ancelotti, the Real Madrid coach, has pledged to retire as soon as his…

1 min ago
  • News

New details about the massacre in Montenegro. 11 people died due to rent disputes

A dispute over rent is believed to have led to a 34-year-old man killing 10…

6 mins ago
  • News

Kim recorded a video with General Marchenko

The head of Nikolaev's regional military administration, Vitaly Kim, informed the public that he is…

8 mins ago
  • News

Сбежавшие за границу звезды теряют деньги: билеты на Макаревича, Литвинову и Хаматову продаются плохо, гонорары пришлось снизить

- Андрей Макаревич переживает: если начнутся проблемы с визами, то его музыканты не смогут гастролироватьФото:…

13 mins ago
  • News

Madeira’s wild islands, the benchmark for marine protected areas | World

The Wild Islands, a remote area in the middle of the Atlantic belonging to the…

14 mins ago
  • News

Bank of America Business Advantage Unlimited Cash Reward Secure Credit Card Review – Forbes Advisor and More News

Bank of America® Business Advantage Unlimited Cash Reward Secure Credit Card* vs. Wells Fargo Business…

17 mins ago