A critical vulnerability in a widely used software tool — one quickly exploited in the online game Minecraft — is rapidly emerging as a major threat to organizations around the world.
“The Internet’s on fire right now,” said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike.
“People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.” He said on Friday that in the 12 hours since the bug’s existence was disclosed that it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it.
The flaw may be the worst computer vulnerability discovered in years.
It was uncovered in an open-source logging tool that is ubiquitous in cloud servers and enterprise software used across industry and government. Unless it is fixed, it grants criminals, spies and programming novices alike easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.
“I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors. Untold millions of servers have it installed, and experts said the fallout would not be known for several days.
Amit Yoran, CEO of the cybersecurity firm Tenable, called it “the single biggest, most critical vulnerability of the last decade” — and possibly the biggest in the history of modern computing.
The vulnerability, dubbed ‘Log4Shell,’ was rated 10 on a scale of one to 10 the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software,
Experts said the extreme ease with which the vulnerability lets an attacker access a web server — no password required — is what makes it so dangerous.
New Zealand’s computer emergency response team was among the first to report that the flaw was being “actively exploited in the wild” just hours after it was publicly reported on Thursday and a patch released.
The vulnerability, located in open-source Apache software used to run websites and other web services, was reported to the foundation on Nov. 24 by the Chinese tech giant Alibaba, it said. It took two weeks to develop and release a fix.
But patching systems around the world could be a complicated task. While most organizations and cloud providers such as Amazon should be able to update their web servers easily, the same Apache software is also often embedded in third-party programs, which often can only be updated by their owners.
Mr Yoran, of Tenable, said organizations need to presume they’ve been compromised and act quickly.
The first obvious signs of the flaw’s exploitation appeared in Minecraft, an online game hugely popular with kids and owned by Microsoft. Mr Meyers and security expert Marcus Hutchins said Minecraft users were already using it to execute programs on the computers of other users by pasting a short message in a chat box.
Microsoft said it had issued a software update for Minecraft users.
“Customers who apply the fix are protected,” it said.
Researchers reported finding evidence the vulnerability could be exploited in servers run by companies such as Apple, Amazon, Twitter and Cloudflare.
Mr Sullivan of Cloudflare said there we no indication his company’s servers had been compromised.
The Library: A Catalogue of Wonders
Stuart Kells, Counterpoint Press
Gothia Cup 2025
4,872 matches
1,942 teams
116 pitches
76 nations
26 UAE teams
15 Lebanese teams
2 Kuwaiti teams
more from Janine di Giovanni
READ MORE ABOUT CORONAVIRUS
Small%20Things%20Like%20These
%3Cp%3EDirector%3A%20Tim%20Mielants%3Cbr%3ECast%3A%20Cillian%20Murphy%2C%20Emily%20Watson%2C%20Eileen%20Walsh%3Cbr%3ERating%3A%204%2F5%3C%2Fp%3E%0A
Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.
Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.
“Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.
Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.
“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.
Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.
From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.
Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.
BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.
Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.
Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.
“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.
Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.
“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.
“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”
The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”
The%20specs%20
%3Cp%3E%3Cstrong%3EEngine%3A%20%3C%2Fstrong%3E2.0-litre%204cyl%20turbo%0D%3Cbr%3E%3Cstrong%3EPower%3A%20%3C%2Fstrong%3E261hp%20at%205%2C500rpm%0D%3Cbr%3E%3Cstrong%3ETorque%3A%20%3C%2Fstrong%3E400Nm%20at%201%2C750-4%2C000rpm%0D%3Cbr%3E%3Cstrong%3ETransmission%3A%20%3C%2Fstrong%3E7-speed%20dual-clutch%20auto%0D%3Cbr%3E%3Cstrong%3EFuel%20consumption%3A%20%3C%2Fstrong%3E10.5L%2F100km%0D%3Cbr%3E%3Cstrong%3EOn%20sale%3A%20%3C%2Fstrong%3ENow%0D%3Cbr%3E%3Cstrong%3EPrice%3A%20%3C%2Fstrong%3EFrom%20Dh129%2C999%20(VX%20Luxury)%3B%20from%20Dh149%2C999%20(VX%20Black%20Gold)%3C%2Fp%3E%0A
HIJRA
Starring: Lamar Faden, Khairiah Nathmy, Nawaf Al-Dhufairy
Director: Shahad Ameen
Rating: 3/5
Results:
5pm: Maiden (PA) | Dh80,000 | 1,200 metres
Winner: Jabalini, Szczepan Mazur (jockey), Younis Kalbani (trainer)
5.30pm: UAE Arabian Derby (PA) | Prestige | Dh150,000 | 2,200m
Winner: Octave, Gerald Avranche, Abdallah Al Hammadi
6pm: Arabian Triple Crown Round 3 (PA) | Group 3 Dh300,000 | 2,200m
Winner: Harrab, Richard Mullen, Mohamed Ali
6.30pm: Emirates Championship (PA) | Group 1 | Dh1million | 2,200m
Winner: BF Mughader, Szczepan Mazur, Younis Al Kalbani
7pm: Abu Dhabi Championship (TB) | Group 3 | Dh380,000 | 2,200m
Winner: GM Hopkins, Patrick Cosgrave, Jaber Ramadhan
7.30pm: Wathba Stallions Cup (PA) | Conditions | Dh70,000 | 1,600m
Winner: AF La’Asae, Tadhg O’Shea, Ernst Oertel
More from Rashmee Roshan Lall
A cryptocurrency primer for beginners
Cryptocurrency Investing for Dummies – by Kiana Danial
There are several primers for investing in cryptocurrencies available online, including e-books written by people whose credentials fall apart on the second page of your preferred search engine.
Ms Danial is a finance coach and former currency analyst who writes for Nasdaq. Her broad-strokes primer (2019) breaks down investing in cryptocurrency into baby steps, while explaining the terms and technologies involved.
Although cryptocurrencies are a fast evolving world, this book offers a good insight into the game as well as providing some basic tips, strategies and warning signs.
Begin your cryptocurrency journey here.
Available at Magrudy’s , Dh104
Tewellah by Nawal Zoghbi is out now.
What vitamins do we know are beneficial for living in the UAE
Vitamin D: Highly relevant in the UAE due to limited sun exposure; supports bone health, immunity and mood.
Vitamin B12: Important for nerve health and energy production, especially for vegetarians, vegans and individuals with absorption issues.
Iron: Useful only when deficiency or anaemia is confirmed; helps reduce fatigue and support immunity.
Omega-3 (EPA/DHA): Supports heart health and reduces inflammation, especially for those who consume little fish.
What can victims do?
Always use only regulated platforms
Stop all transactions and communication on suspicion
Save all evidence (screenshots, chat logs, transaction IDs)
Report to local authorities
Warn others to prevent further harm
Courtesy: Crystal Intelligence
%3Cp%3E%3Cstrong%3EDirector%3A%3C%2Fstrong%3E%20Nag%20Ashwin%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStarring%3A%20%3C%2Fstrong%3EPrabhas%2C%20Saswata%20Chatterjee%2C%20Deepika%20Padukone%2C%20Amitabh%20Bachchan%2C%20Shobhana%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%20%3C%2Fstrong%3E%E2%98%85%E2%98%85%E2%98%85%E2%98%85%3C%2Fp%3E%0A
