The United States warns of millions of devices at risk after software vulnerabilities

According to an Internet government official, millions of devices around the world could be affected by newly released software. பிடன் From key industries to executives United States, Monday (13).

In his opinion, businesses need to take action to address “one of the most serious failures” he has seen in his life.

As large technology companies struggle to control the effects, U.S. officials have made phone calls with industry executives. Hackers Actively exploit the vulnerability of systems.

For now, cyber security analysts said CNN, Technology companies and large companies are being pressured to clean up the software code to find out if it is suffering from a flaw.

But because the vulnerability is so widespread that it can be found on popular apps and websites, consumers can feel the effects if these services are actually hacked.

“This vulnerability is one of the most serious, if not the most serious, that I’ve ever seen in my entire life,” said Jen Easterley, director of the U.S. Cyber ​​Security and Infrastructure Agency (CISA). CNN.

Large financial institutions and health executives attended the conference by phone.

“We hope the vulnerability will be scrutinized in detail by specialized agencies and we will have less time to take the necessary steps to reduce the likelihood of adverse events,” Easterly said.

A CNN He contacted the CISA to comment on the meeting. CyberScope, a technology news site, First reported Content of the call.

Since the news broke last week that hackers were using it to infiltrate companies’ computer networks, there has been a stern warning from US officials about software failure.

It is also a test of new channels created by federal officials to work with industry executives following widespread cyber attacks using Solarwinds and Solarwinds software. Microsoft Released last year.

Experts said CNN Vulnerabilities can take weeks to resolve. Moreover, they point out that alleged Chinese hackers are already trying to exploit it.

There is a vulnerability in the Java based software called “Log4j” which is used by large companies including the world’s largest technology companies to record information in their applications.

Technology legends like Amazon Internet Services e IBM They moved to fix the bug in their products.

This gives the hacker a relatively easy way to access a company’s computer server.

From there, the attacker can plan other ways to access the systems within a company’s network.

The Apache Software Foundation, which manages Log4j software, has released a security solution for companies to apply.

Compete against time to correct the grievance

But according to the cybersecurity firm, the attackers had the advantage for more than a week before the software flaw was made public. Cloudflare.

Companies are now competing against time to find out if there are computers running vulnerable software exposed on the internet.

Government and industrial cyber security executives continue to work on the issue.

“We need to make sure that we have a consistent effort to understand the risks of this code in all major infrastructure in the United States,” Jay Cosley, another CISA official, said by phone.

According to Charles Karmagal, senior vice president and chief technology officer at cybersecurity firm Montient, hackers affiliated with the Chinese government have already begun to take advantage.

Mandiant declined to elaborate on which companies the hackers were targeting.

“Over time, everyone can set the bad thing,” said Mandyant CEO Kevin Mandy CNN, Indicates vulnerability.

“That’s the problem. And the best hackers are hidden among the very good non-hackers.

“Noise” is a real problem. For cybersecurity experts, The Twitter It has been a constant wave of useful information, sometimes misinformation that has nothing to do with vulnerability.

To solve the problem, the CISA said it would create a public website with information on which software products are vulnerable and the techniques that hackers use to exploit it.

“It will be a multi-week process in which new actors will take advantage of the impact,” Eric Goldstein, managing assistant director of CISA’s Cyber ​​Security, said by phone.

The ubiquity of software has forced professionals Internet Security See if their systems are vulnerable over the weekend from across the country.

“In most IT worlds, the weekend is not over,” said Rick Holland, director of information security at digital shadows, a cybersecurity firm. CNN. “This is another long day.”

* Geneva Sands, with information from CNN