US Government Warns of Critical Software Flaw in Server Systems... Financial and Medical Institutions Must Exercise Caution
US CISA "Concerns Over Widespread Exploitation"...Vulnerability Risk Warning
![[Image source=Reuters Yonhap News]](http://www.asiae.co.kr/news/img_view.htm?img=2021121416330760867_1639467187.jpg)
[Asia Economy Reporter Hyunwoo Lee] The U.S. government has raised concerns over hacker attacks following the discovery of a critical flaw in server software and has urged major financial and medical institutions to take thorough precautions.
On the 13th (local time), according to U.S. CNN, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security, held a conference call to warn about the risks of a vulnerability found in the open-source logging library 'log4j.' He stated, "This vulnerability is the worst I have encountered in my entire career," emphasizing, "It can be widely exploited, and there is not much time to take measures to reduce the risk of damage." It is known that many executives from major financial firms and healthcare institutions in the U.S. attended the meeting that day.
The vulnerability was first discovered in the online game 'Minecraft,' which is serviced by Microsoft, and it is known that most servers suffer from the same issue. CISA warned that exploiting this vulnerability allows relatively easy breaches of security and access to the internal server.
Some hackers have reportedly already begun exploiting the log4j vulnerability. Charles Carmakal, Senior Vice President of cybersecurity firm Mandiant, said, "Hackers linked to the Chinese government have started exploiting the log4j vulnerability." However, he did not disclose specific details such as the targets of the attacks.
The Apache Software Foundation, which supports and manages open-source projects, rated the security threat level of the log4j vulnerability as '10' on a scale of 1 to 10, the highest level, and announced a security update on the 6th. Experts expect that it will take government agencies and companies at least one week to several weeks to patch the security holes.
Hot Picks Today
If They Fail Next Year, Bonus Drops to 97 Million Won... A Closer Look at Samsung Electronics DS Division’s 600M vs 460M vs 160M Performance Bonuses
- Opening a Bank Account in Korea Is Too Difficult..."Over 150,000 Won in Notarization Fees Just for a Child's Account and Debit Card" [Foreigner K-Finance Status]②
- [Local Election Interview] Chu Kyung-ho: "Daegu Needs a Competent Economic Expert... Attracting the Semiconductor Industry"
- Room Prices Soar from 60,000 to 760,000 Won and Sudden Cancellations: "We Won't Even Buy Water in Busan" — BTS Fans Outraged
- "Who Is Visiting Japan These Days?" The Once-Crowded Tourist Spots Empty Out... What's Happening?
CISA plans to operate a website providing information on which software products have the vulnerability and what techniques hackers use to exploit these weaknesses.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
!["Please Help Us": How Much Do Those Bowing 90 Degrees These Days Actually Earn? [Data Pick]](https://cwcontent.asiae.co.kr/asiaresize/307/2026052010120870131_1779239528.png)
