Cybersecurity official warns software vulnerability could affect hundreds of millions of devices

CISA first warned about the vulnerability over the weekend.

The Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned that the Log4j vulnerability could impact hundreds of millions of devices, according to a top government official.

The vulnerability is linked to a commonly used piece of software called Log4j, a utility that runs in the background of many commonly used software applications.

CISA convened a conference call on the vulnerability, according to a CISA official.

On the call, CISA Director Jen Easterly told industry and government officials the vulnerability will be widespread, and CISA officials stated that hundreds of millions of devices are likely affected and can be exploited by a broad range of threat actors, according to that official.

Members of Congress and private businesses are also sounding the alarm about the vulnerability.

“Basically, it’s an open door that could allow a bad actor in to either steal your data to launch a ransomware attack, you name it. It’s basically an open door to your system that allows an attacker in,” Rep. Jim Langevin, a Rhode Island Democrat, told ABC News.

Langevin, one of the founding members of the Cyberspace Solarium Commission, said this vulnerability could be a problem for companies, as it could “compromise an entire company’s system and their database, including customer records and data, on a more individual basis.”

Cybersecurity giant Mandiant said it is already seeing Chinese government actors exploit the vulnerability.

Companies like Amazon Web Services and IBM are working to issue patches in their software as a stopgap to fix the vulnerability.

Langevin said the seriousness of the vulnerability cannot be understated.

“There’s no telling what the bad actors could do to carry out their ransomware attack or steal data, implant something onto a system,” Langevin said. “If Log4j is used let’s say on a utility could very easily in that, you know, in the in the middle of winter, go on to a compromise, a gas company’s website and shut down the gas pipeline, if you will. And so there could be people significant numbers of people that are without natural gas to heat their homes in the dead of winter. It could cause, obviously damage or loss of life, which is again all very disturbing.”
