As major tech firms struggle to contain the fallout from the incident, US officials held a call with industry executives warning that hackers are actively exploiting the vulnerability.
“This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious,” Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said on a phone call shared with CNN. Big financial firms and health care executives attended the phone briefing.
“We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents,” Easterly said.
It’s the starkest warning yet from US officials about the software flaw since news broke late last week that hackers were using it to try to break into organizations’ computer networks. It’s also a test of new channels that federal officials have set up for working with industry executives after the widespread hacks exploiting SolarWinds and Microsoft software revealed in the last year.
Experts told CNN it could take weeks to address the vulnerabilities and that suspected Chinese hackers are already attempting to exploit it.
It offers a hacker a relatively easy way to access an organization’s computer server. From there, an attacker could devise other ways to access systems on an organization’s network.
The Apache Software Foundation, which manages the Log4j software, has released a security fix for organizations to apply.
Race against time to address flaw
Source : cnn
