US warns hundreds of millions of devices at risk from newly revealed software vulnerability
Technology 09:33 PM - 2021-12-14
Hundreds of millions of devices around the world could be exposed to a newly revealed software vulnerability, as a senior Biden administration cyber official warned executives from major US industries Monday that they need to take action to address "one of the most serious" flaws she has seen in her career.
As major tech firms struggle to contain the fallout, US officials held a call with industry executives warning that hackers are actively exploiting the vulnerability.
For now, cybersecurity analysts told CNN, the pressure is on tech companies to clean up their software code and on big businesses to figure out if they are affected by the flaw. But because the vulnerability is so widespread, and likely present in things like popular apps and websites, consumers could also feel the fallout if those services get hacked.
"This vulnerability is one of the most serious that I've seen in my entire career, if not the most serious," Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said on a phone call shared with CNN. Big financial firms and health care executives attended the phone briefing.
"We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents," Easterly said.
CNN has reached out to CISA for comment on the call. CyberScoop, a technology news site, first reported on the contents of the call.
It's the starkest warning yet from US officials about the software flaw since news broke late last week that hackers were using it to try to break into organizations' computer networks. It's also a test of new channels that federal officials have set up for working with industry executives after the widespread hacks exploiting SolarWinds and Microsoft software revealed in the last year.
Experts told CNN it could take weeks to address the vulnerability and that suspected Chinese hackers are already attempting to exploit it.
The vulnerability is in Java-based software known as "Log4j" that large organizations, including some of the world's biggest tech firms, use to log information in their applications. Tech giants like Amazon Web Services and IBM have moved to address the bug in their products.
The flaw offers a hacker a relatively easy way to access an organization's computer server. From there, an attacker could devise other ways to access systems on an organization's network.
The Apache Software Foundation, which manages the Log4j software, has released a security fix for organizations to apply.
PUKmedia / CNN