
Hundreds of Millions at Risk of Newly Discovered Software Flaw

A leading cybersecurity expert called the software vulnerability 'one of the most serious that I've seen in my entire career'

According to experts from the U.S. Cybersecurity and Infrastructure Security Agency, millions of devices worldwide could be exposed to a recently revealed software vulnerability.

On Monday, a cyber official from the Biden administration warned executives in major U.S. industries about the potential severity of this discovery.

“This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious,” Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), said Monday. “We expect the vulnerability to be widely exploited by sophisticated actors, and we have limited time to take necessary steps in order to reduce the likelihood of damaging incidents.”

Last week, it was revealed that hackers were utilizing the flaw to break into organizations’ computer networks. 

This warning is the result of a new protocol established by officials for working with industry executives following the widespread hacks against SolarWinds and Microsoft software revealed last year.

Experts have now said it could take weeks to address the flaw and that suspected Chinese hackers are already working to exploit it.

The flaw is in Java-based software known as “Log4j,” which many large organizations, including some of the world’s biggest tech firms, use to log data inside their native applications. Tech giants like Amazon Web Services and IBM have begun to address the flaw in their systems, moving at an urgent pace to protect customers and users.

The software flaw offers a relatively easy way to access an organization’s computer server. Once the hacker gains access through the flaw, they could devise other ways to access an organization’s network systems.

Apache Software Foundation, which manages the Log4j software, has released a security fix for organizations to apply in response to the urgency of the issue.


3 responses to “Hundreds of Millions at Risk of Newly Discovered Software Flaw”

  1. pandusa says:

    Got hacked yesterday. Computer locked up. Alert notification with computerized voice: “Your computer has been locked for your protection. Call this number.” They claimed to be Microsoft (figured I should have gotten e-mail notification also if it were Microsoft. I didn’t). I called to get info on THEM. Cyber pirate dude claimed my ID was being used in child pornography sales/distribution. A friend gave me the notebook so easy come-easy go. (Nothing special on it of mine. I notified my friend. She is 58 and a nurse so I know she wasn’t involved in anything like that.) I told pirate dude ok, I would just kick ALL this shit to the curb. I froze my accounts. Called the Attorney General’s office (fraud division) to log a complaint in my state. She said what was the point if I didn’t lose money? Due to Social Security fraud calls I was aware you should file a complaint with details you can remember, so law enforcement can follow patterns, times and phone #s. I did lose the notebook. She didn’t know I didn’t pay for it. I advised her of their OWN policy. She says “well you need to go on line and file a complaint”. I replied “I just told you my computer is LOCKED UP”. I told her I wanted to file a complaint for MY protection in case it WAS true so I didn’t get arrested for child porn sales/distribution. She said “No one is going to arrest you ma’am”. (She also doesn’t know I am a volunteer with an outfit protesting peacefully at the State Capitol on a fairly regular basis. I hope.) She will send me a form by mail which I am reasonably sure will never come. I am on another friend’s computer now. I will “fill out the form” then write a complaint about the AG office. Guess it could be worse. I heard FEMA was telling the TORNADO victims to do the same: go on line and “fill out the form”. Inmates are running the Asylum… well, government. Not enough difference to correct it. Beware my friends… I will get VPN on 2.0.

  2. Rawdog says:

    So…somebody working for Beijing Biden “discovers” a security threat that I am sure will be “solved” by a download provided by them…soooo…a vaxx for your computer…?🤔

  3. Another Beer says:

    Well…just going to wait until the World Economic Forum turns off the internet to prevent the cyber pandemic.