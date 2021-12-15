The US Cybersecurity and Infrastructure Agency (CISA) has issued a warning that hundreds of millions of computers worldwide have either already been compromised or are at risk of being hacked due to an easily exploitable software vulnerability found in an open-source software, a CISA official said on Tuesday

"CISA Director Jen Easterly convened a stakeholder call with critical infrastructure and state, local, tribal and territorial government partners to stress the urgency of addressing the Log4j vulnerability and provide updates on the latest mitigation guidance. Director Easterly made it clear that the impact of this vulnerability will be widespread and CISA officials stated that hundreds of millions of devices are likely affected and can be exploited by a broad range of threat actors," the official said in a readout of the call.

The call took place on Monday and was followed by the publication of a new CISA guidance about the so-called Log4j vulnerability.

Log4j is a piece of an open-source software that is used in a multitude of internet applications to track users' online activity and hence can be easily used by hackers to gain an access to practically any organization databases and networks.

CISA recommends to take three immediate protective actions, including enumerating external-facing devices that have Log4j and installing a web application firewall.