US warns hundreds of millions of devices at risk from newly revealed software vulnerability

lightbright

Washington (CNN) Hundreds of millions of devices around the world could be exposed to a newly revealed software vulnerability, as a senior Biden administration cyber official warned executives from major US industries Monday that they need to take action to address "one of the most serious" flaws she has seen in her career.

As major tech firms struggle to contain the fallout, US officials held a call with industry executives warning that hackers are actively exploiting the vulnerability.
For now, cybersecurity analysts told CNN, the pressure is on tech companies to clean up their software code and on big businesses to figure out if they are affected by the flaw. But because the vulnerability is so widespread, and likely present in things like popular apps and websites, consumers could also feel the fallout if those services get hacked.

"This vulnerability is one of the most serious that I've seen in my entire career, if not the most serious," Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said on a phone call shared with CNN. Big financial firms and health care executives attended the phone briefing.
"We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents," Easterly said.
CNN has reached out to CISA for comment on the call. CyberScoop, a technology news site, first reported on contents of the call.
It's the starkest warning yet from US officials about the software flaw since news broke late last week that hackers were using it to try to break into organizations' computer networks. It's also a test of new channels that federal officials have set up for working with industry executives after the widespread hacks exploiting SolarWinds and Microsoft software revealed in the last year.

Experts told CNN it could take weeks to address the vulnerabilities and that suspected Chinese hackers are already attempting to exploit it.

The vulnerability is in Java-based software known as "Log4j" that large organizations, including some of the world's biggest tech firms, use to log information in their applications. Tech giants like Amazon Web Services and IBM have moved to address the bug in their products.
It offers a hacker a relatively easy way to access an organization's computer server. From there, an attacker could devise other ways to access systems on an organization's network.
The Apache Software Foundation, which manages the Log4j software, has released a security fix for organizations to apply.

Race against time to address flaw

But attackers had more than a week's head start on exploiting the software flaw before it was publicly disclosed, according to cybersecurity firm Cloudflare.
Organizations are now in a race against time to figure out if they have computers running the vulnerable software that were exposed to the internet. Cybersecurity executives across government and industry are working around the clock on the issue.

"We're going to have to make sure we have a sustained effort to understand the risk of this code throughout US critical infrastructure," Jay Gazlay, another CISA official, said on the phone call.
Chinese-government linked hackers have already begun using the vulnerability, according to Charles Carmakal, senior vice president and chief technology officer for cybersecurity firm Mandiant. Mandiant declined to elaborate on what organizations the hackers were targeting.
"Over time, everybody can arm the damn thing," Mandiant CEO Kevin Mandia told CNN, referring to the vulnerability. "That's the problem. And there'll probably be great hackers hiding in the noise of the not so great."
The "noise" is a real problem. For cybersecurity professionals, Twitter has been a constant churn of both useful information and, in some cases, misinformation that has nothing to do with the vulnerability.

To address the issue, CISA said it would set up a public website with information on what software products were affected by the vulnerability, and the techniques that hackers were using to exploit it.
"This will be a multiweek process where new actors are exploiting the vulnerability," Eric Goldstein, CISA's executive assistant director for cybersecurity, said on the phone call.
The ubiquity of the software forced cybersecurity professionals around the country to spend the weekend checking if their systems are vulnerable.
"For most of the information technology world, there was no weekend," Rick Holland, chief information security officer at cybersecurity firm Digital Shadows, told CNN. "It was just another long set of days."


US warns hundreds of millions of devices at risk from newly revealed software vulnerability - CNNPolitics
 
:oops:

Microsoft warns China, Iran, North Korea and Turkey are exploiting recently revealed software vulnerability

Washington (CNN) Hackers linked with the governments of China, Iran, North Korea and Turkey have moved to exploit a critical flaw in software used by big tech firms around the world, Microsoft warned late Tuesday.
The activity from the foreign hacking groups includes experimentation with the vulnerability, integration into existing hacking tools and "exploitation against targets to achieve the actor's objectives," Microsoft said in a blog post. Microsoft did not say which organizations have been targeted by the hackers; a spokesperson could not be immediately reached for comment.
It's the latest fallout from the recently revealed software flaw, which the US Cybersecurity and Infrastructure Security Agency says could affect hundreds of millions of devices globally. CISA has ordered all federal civilian agencies to update their software in response to the threat.
The Iranian hacking group using the vulnerability has a history of deploying ransomware, according to Microsoft and other security firms. The Chinese group is the same one behind a hacking campaign against Microsoft Exchange email software earlier this year, which the White House condemned as reckless.

The flaw is in Java-based software known as "Log4j" that organizations around the world use to log information in their applications. The list of affected software providers reads like a who's who of tech giants, from Cisco to Amazon Web Services to IBM.
While US officials are on high alert over the software bug, Eric Goldstein, a senior CISA official, told reporters Tuesday evening that officials had no evidence that federal networks had been breached using the vulnerability.
Microsoft joined a chorus of other big cybersecurity firms in sounding the alarm that suspected foreign espionage groups were pouncing on the vulnerability.
"We have seen Chinese and Iranian state actors leveraging this vulnerability, and we anticipate other state actors are doing so as well, or preparing to," said John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant. "We believe these actors will work quickly to create footholds in desirable networks for follow on activity which may last for some time."




Microsoft warns China, Iran, North Korea and Turkey are exploiting recently revealed software vulnerability - CNNPolitics
 