Log4j vulnerability to affect millions of devices: US Gov

Top US government cybersecurity officials have cautioned that the Log4j vulnerability will affect millions of devices.
Advanced hackers will have a field day with the vulnerabilities, ZDNet reported, quoting top US government officials.
“This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious,” Jen Easterly, director of CISA, said in a call shared with CNN. Easterly has spent two decades in various federal cybersecurity roles.
“We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage,” she said.
Security experts are already seeing widespread scanning for the Log4j vulnerability (also dubbed ‘Log4Shell’) on internet-connected devices running vulnerable versions of Log4j version 2. These devices have been under attack since December 1, although the bug became common knowledge on December 9.
So far, Microsoft has seen attackers compromise machines to install coin miners, deploy the Cobalt Strike pen-testing framework to enable credential theft and lateral movement, and exfiltrate data from compromised systems. These attacks appear to be opportunistic cyber-criminal activity, made possible by the bug's ease of exploitation, but top officials at the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) fear “sophisticated actors” will also pounce on the bug soon.
The call, with US critical infrastructure owners and operators, was first reported by CyberScoop.
Publish on W.Media