U.S. warns hundreds of millions of devices at risk of newly discovered software vulnerabilities



As major technology companies work hard to contain the impact, US officials held conference calls with industry executives to warn that hackers are actively exploiting the vulnerability.

Network security analysts tell CNN that the pressure is now on technology companies to clean up their software code, while large companies need to figure out whether they are affected by the vulnerability. Because the vulnerable software is very common and is likely to exist in popular applications and websites, consumers may also be affected if these services are hacked.

Easterly said: “We expect that the vulnerability will be widely used by sophisticated actors, and we have a limited time to take the necessary measures to reduce the possibility of destructive events.”

CNN has contacted CISA for comment. CyberScoop, a technology news site, first reported the content of the call.

This is the harshest warning U.S. officials have issued about the software defect since news broke late last week that hackers were using it to try to break into organizations’ computer networks. It is also a test of a new channel that federal officials established to collaborate with industry executives after widespread hacking attacks using SolarWinds and Microsoft software were exposed last year.

Experts told CNN that it may take several weeks to resolve the vulnerability, and it is suspected that Chinese hackers are already trying to exploit it.

The vulnerability exists in a Java-based software called “Log4j” that is used by large organizations (including some of the world’s largest technology companies) to log information in their applications. Tech giants such as Amazon Web Services and IBM have taken action to resolve errors in their products.

The flaw gives hackers a relatively simple way to access an organization’s computer servers. From there, attackers can devise other methods to access systems on the organization’s network.

The Apache Software Foundation, which manages the Log4j software, has released security fixes for organizations to apply.

Race against time to solve defects

However, according to the cybersecurity company Cloudflare, attackers had been using the vulnerability more than a week before it was publicly disclosed.

Organizations are now racing against time to figure out whether they have computers running vulnerable software exposed on the Internet. Government and industry cybersecurity executives are working day and night to solve this problem.

Another CISA official, Jay Gazlay, said on the call: “We will have to ensure that we continue to work hard to understand the risks of this code in critical infrastructure throughout the United States.”

Charles Carmakal, senior vice president and chief technology officer of the network security company Mandiant, said that hackers associated with the Chinese government have begun to exploit the vulnerability. Mandiant declined to elaborate on the organizations targeted by the hackers.

“Over time, everyone can arm this damn thing,” Mandiant CEO Kevin Mandia told CNN, referring to the vulnerability. “That’s the problem. And there may be great hackers hiding in not too much noise.”

“Noise” is a real problem. For cybersecurity professionals, Twitter has been a constant stream of useful information and, in some cases, misinformation that has nothing to do with the vulnerability.

To solve this problem, CISA stated that it will establish a public website that provides information about which software products are affected by the vulnerability and about the techniques hackers are using to exploit it.

Eric Goldstein, CISA’s executive assistant director of cybersecurity, said on the call: “This will be a multi-week process, and new participants are taking advantage of the vulnerability.”

The ubiquity of the software has forced network security professionals across the country to spend the weekend checking their systems for the vulnerability.

“For most of the information technology world, there are no weekends,” Rick Holland, chief information security officer of cybersecurity company Digital Shadows, told CNN. “This is just another long day.”

CNN’s Geneva Sands contributed to the report.




