The United States disclosed a new software vulnerability on Monday and warned that hundreds of millions of devices are at risk. According to CNN, Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), a senior Biden administration cyber official, warned executives from major US organizations that they must take action to fix “one of the most serious” flaws she has seen in her career.
As major tech companies struggle to deal with the impact from the breach, US officials convened a call with industry executives, warning that hackers are actively exploiting the flaw.
Easterly, on a phone call shared with CNN, said, “This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious.”
The phone briefing was attended by executives from major financial firms and the health-care industry.
Easterly said, “We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents.”
Experts told CNN that patching the flaws may take weeks, and that suspected Chinese hackers are already trying to exploit them.
The flaw is in Java-based software called “Log4j,” which is used by large businesses, including some of the world’s largest tech companies, to log information in their applications. Amazon Web Services and IBM, for example, have taken steps to fix the flaw in their products.
It gives a hacker a relatively easy way to gain access to a company’s computer server. An attacker could then create other ways to get access to systems on a company’s network.
To address the issues, CISA revealed that it would create a public website with information on which software products were affected by the flaw and the techniques that hackers were employing to exploit it.