Washington [US], December 14 (ANI): The US on Monday revealed a new software vulnerability and warned that hundreds of millions of devices are at risk.
A senior Biden administration cyber official, Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA) warned executives from major US industries that they need to take action to address “one of the most serious” flaws she has seen in her career, reported CNN.
As major tech firms struggle to contain the fallout from the incident, US officials held a call with industry executives warning that hackers are actively exploiting the vulnerability.
“This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious,” said Easterly on a phone call shared with CNN. Big financial firms and health care executives attended the phone briefing.
“We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents,” Easterly said.
CNN has reached out to CISA for comment on the call. CyberScoop, a technology news site, first reported on the contents of the call.
It’s the starkest warning yet from US officials about the software flaw since news broke late last week that hackers were using it to try to break into organizations’ computer networks.
It’s also a test of new channels that federal officials have set up for working with industry executives after the widespread hacks exploiting SolarWinds and Microsoft software revealed in the last year.
Experts told CNN it could take weeks to address the vulnerabilities and that suspected Chinese hackers are already attempting to exploit them.
The vulnerability is in Java-based software known as “Log4j” that large organizations, including some of the world’s biggest tech firms, use to log information in their applications. Tech giants like Amazon Web Services and IBM have moved to address the bug in their products.
It offers a hacker a relatively easy way to access an organization’s computer server. From there, an attacker could devise other ways to access systems on an organization’s network.
The Apache Software Foundation, which manages the Log4j software, has released a security fix for organizations to apply.
Organizations are now in a race against time to figure out how if they have computers running the vulnerable software that were exposed to the internet. Cybersecurity executives across government and industry are working around the clock on the issue, reported CNN.
“We’re going to have to make sure we have a sustained effort to understand the risk of this code throughout US critical infrastructure,” Jay Gazlay, another CISA official, said on the phone call.
Chinese-government linked hackers have already begun using the vulnerability, according to Charles Carmakal, senior vice president and chief technology officer for cybersecurity firm Mandiant, reported CNN.
To address the issue, CISA said it would set up a public website with information on what software products were affected by the vulnerability, and the techniques that hackers were using to exploit it. (ANI)
24World Media does not take any responsibility of the information you see on this page. The content this page contains is from independent third-party content provider. If you have any concerns regarding the content, please free to write us here: contact@24worldmedia.com
5 Characteristics of Truth and Consequences in NM
How To Make Your Wedding More Accessible
Ensure Large-Format Printing Success With These Tips
4 Reasons To Consider an Artificial Lawn
The Importance of Industrial Bearings in Manufacturing
5 Tips for Getting Your First Product Out the Door
Most Popular Metal Alloys for Industrial Applications
5 Errors To Avoid in Your Pharmaceutical Clinical Trial
Ways You Can Make Your Mining Operation Cleaner
Tips for Starting a New Part of Your Life
Easy Ways To Beautify Your Home’s Exterior
Tips for Staying Competitive in the Manufacturing Industry