Зарегистрируйтесь сейчас для лучшей персонализированной цитаты!

Chinese regulators suspend Alibaba Cloud over failure to report Log4j vulnerability

22 декабря 2021 г Hi-network.com

Chinese media outlets have reported that Alibaba Cloud is facing backlash from government regulators after they reported the Log4J vulnerability to Apache before the Ministry of Industry and Information Technology (MIIT).

more Log4j

  • Log4j zero-day: How to protect yourself
  • Apache releases new 2.17.0 patch
  • Security firm discovers new attack vector
  • 10 questions you need to be asking
  • Governments release Log4j advisory
  • So far, nearly half of corporate networks have been attacked
  • US: Hundreds of millions of devices at risk

21st Century Business Herald said local reporters were informed on Wednesday that the Cyber Security Administration of the MIIT was suspending its information-sharing partnership with Alibaba Cloud for six months, specifically citing the failure to report Log4J as the reason why. 

Chen Zhaojun, a security engineer at Alibaba Cloud, was identified by Bloomberg News as the first person to discover the Log4J vulnerability and report it to Apache. Zhaojun told Apache on November 24, and a third party later informed the MIIT in a report on December 9, according toReuters

"Recently, after discovering serious security vulnerabilities in the Apache Log4j2 component, Alibaba Cloud failed to report to the telecommunications authorities in a timely manner and did not effectively support the Ministry of Industry and Information Technology to carry out cyber security threats and vulnerability management" the local media report said. 

The Chinese government has sought to get a better handle on cybersecurity and privacy in recent months, passing multiple laws and issuing warnings to major companies about the need to protect data shared outside of China. 

Alibaba was hit with a record 18.2 billion yuan fine, and 33 other mobile apps have faced criticism from Beijing for their data collection policies. Didi has faced a major cybersecurity review, while Alibaba and Tencent have come under government scrutiny in recent months as well.  

In November, the Cyberspace Administration of China unveiled a new set of laws that reclassified data and laid out multiple sets of fines for violations of cybersecurity policy.

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Горячие метки: Правительство российской федерации Правительство: Азия

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.