China suspends Alibaba Cloud over failure to report Log4j flaw
China’s internet regulator, the Ministry of Industry and Information Technology (MIIT), has temporarily suspended the partnership with Alibaba Cloud for six months due to the fact that it failed to promptly inform the government about a critical security vulnerability affecting the widely used Log4j logging library.
Local reporters were informed that the Cyber Security Administration of the MIIT was suspending its information-sharing partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group for six months after they reported the Log4J vulnerability to Apache before the MIIT.
Chen Zhaojun, a security engineer at Alibaba Cloud, was the first person to discover the Log4J vulnerability and report it to Apache. He reported to Apache on November 24 and a third party later informed the MIIT in a report on December 9.
According to local media report, Alibaba Cloud on discovering serious security vulnerabilities in the Apache Log4j2 component, failed to report to the telecommunications authorities in a timely manner and did not effectively support the MIIT to carry out cyber security threats and vulnerability management.
China has recently put into effect a new law that makes it mandatory for all companies to report vulnerabilities to state regulators within two days.
The Chinese government was looking to get a better handle on cybersecurity and privacy in recent months, passing multiple laws and issuing warnings to major companies about the need to protect data shared outside of China.
Alibaba was hit with a record 18.2 billion yuan fine and 33 other mobile apps have faced criticism from Beijing for their data collection policies.
Image Credits : Data Center Knowledge
The post China suspends Alibaba Cloud over failure to report Log4j flaw first appeared on Cybersafe News.