DHS Secretary “extraordinarily concerned” by latest software vulnerability that forced US patent office to take systems offline for 12 hours

0


“It’s the top priority in our minds and, quite frankly, in our action plans,” said Mayorkas, speaking with the US German Marshall Fund about ransomware.

He continued, “The challenge with this is its prevalence, because they’ve attacked ubiquitous software and then there’s a vulnerability that’s been exposed and others can go into exploiting that vulnerability and really multiply them. damage.”

The secretary added that the government is working “very, very quickly” on the issue.

CNN reported earlier Thursday that the U.S. Patent and Trademark Office shut down external access to its computer systems for 12 hours Wednesday evening in response to the flaw in Java software known as Log4j.

DHS’s cybersecurity and infrastructure security agency told CNN on Thursday that it remains accurate that there is no confirmed compromise on federal civilian networks regarding the Log4j vulnerability.

The agency is also not aware of any other federal agencies that have carried out similar closings.

The patent office said it had taken action in light of a “serious and urgent concern” about the vulnerability, which is in software that organizations around the world use to store information in their applications. .

The move temporarily forced people to file patent applications by email, rather than the website, the agency said in an email to users of its website viewed by CNN. On Thursday morning, the patent office said its computer systems were back online.

U.S. cybersecurity officials have sounded the alarm over the Log4j vulnerability, warning that hundreds of millions of devices around the world could be affected by the bug. The Cybersecurity and Infrastructure Security Agency said Tuesday evening that there were no signs of breach at any federal agencies using the vulnerability.

But Microsoft has warned that hackers linked to the governments of China, Iran, North Korea and Turkey decided to exploit the software flaw.

The CISA ordered all federal civilian agencies to update their software or fix the flaw by December 24.

CNN has reached out to CISA for comment on the temporary shutdown of the patent office’s IT system.

CORRECTION: An earlier version of this article poorly explained the consequences of the temporary shutdown for patent applicants. People could still file patent applications during the shutdown, by email.

This story and the title were updated with further development on Thursday.


Share.

Comments are closed.