US government agencies are expecting Log4j vulnerability to be widely exploited.
Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned the recently-revealed Log4j vulnerability was “one of the most serious” she’s seen in her entire career, “if not the most serious”. “We expect the vulnerability to be widely exploited by sophisticated actors and we have limited time to take necessary steps in order to reduce the likelihood of damage,” Easterly explained. Adding to the conversation was Jay Gazlay, of CISA’s vulnerability office, who said that “hundreds of millions of” endpoints were likely to be affected by the flaw. CISA is part of the US Department of Homeland Security, and is currently building a website for all affected parties to educate themselve, but also to “counter active disinformation”.
