Today is Wednesday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.
Top cybersecurity agencies in the U.S. and abroad warned of cyber threats from the vulnerability in Apache logging library log4j.
Meanwhile, Vice President Harris is calling for a “cyber doctrine” and a new poll found most Americans don’t trust Facebook, Instagram and TikTok with their personal data.
Let’s jump into the news.
Global cyberspace, we have a problem
Federal agencies in the United States, as well as top cybersecurity agencies in the other countries that make up the Five Eyes intelligence alliance, warned Wednesday that hackers are “actively exploiting” a recently uncovered vulnerability in Apache logging library log4j.
International engagement: The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the top cybersecurity agencies in Australia, Canada, New Zealand and the United Kingdom outlined their concerns about the vulnerability in a joint alert published Wednesday.
“Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021- 45105 in vulnerable systems,” the agencies wrote in the alert, referring to multiple vulnerabilities in Apache’s log4j software library. “According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.”
Massive impact: The vulnerability, uncovered earlier this month, has quickly snowballed into one of the most widespread cybersecurity vulnerabilities in recent years, with security professionals scrambling to deploy patches for a software that underlies the majority of organizations around the world.
Security groups reported last week that nations including China and Iran were exploiting the vulnerability, with organizations including the Belgian Ministry of Defense being hacked through the exploit.
“These vulnerabilities, especially Log4Shell, are severe,” the agencies warned. “These vulnerabilities are likely to be exploited over an extended period.”
Read more here.
Harris weighs in
Vice President Harris is calling for a “cyber doctrine” and greater international coordination to address cybersecurity concerns after a year of mounting attacks.
“I do believe that it is important for us to have a cyber doctrine,” Harris said as part of an upcoming interview on CBS’s ‘Face the Nation,” airing later this week, when asked whether cyberattacks should be considered acts of terror.
Harris pointed to her work as chair of the National Space Council in stressing the need to work towards enhancing international cybersecurity efforts, noting the importance of the “role and the responsibility that we have to work with our partners and allies around international norms and rules.”
“On the issue of cyber, it is important that we work with our allies on these issues,” Harris said.
Read more here.
POLL FINDS TECH DISTRUST
Most Americans distrust TikTok, Facebook and Instagram with their personal information and data, according to a Washington Post-Shcar School poll released Wednesday.
Seventy-two percent of respondents said they distrust Facebook. Other platforms under the same Meta parent company didn’t fare much better, with 60 percent of those surveyed saying they distrust Instagram and 53 percent said they distrust WhatsApp, based on the poll.
Sixty-three percent of surveyed Americans said they distrust video-sharing app TikTok with their data, according to the poll.
The poll found slightly lower levels of distrust of other tech giants, with 40 percent saying they don’t trust Amazon and Apple, and 42 percent saying they don’t trust Microsoft.
Read more here.
TIKTOK TO THE TOP
TikTok has dislodged Google as the most popular site in 2021, according to the latest data from web security company Cloudflare.
The social media app overtook other tech behemoths that ranked above it last year, including Amazon, Apple, Facebook, Microsoft and Netflix.
The popular social media app ranked seventh to Google’s first in 2020 and got a little “help” from the pandemic, according to a blog post titled “Popular Domains Year In Review 2021.”
According to the blog post, there were some days when Google was No. 1, but October and November were mostly “TikTok’s days, including on Thanksgiving and Black Friday.”
Read more here.
MASKS BACK ON
Workers at Amazon warehouses will once again be required to wear masks, according to a message sent to employees obtained by CNBC Wednesday.
The reimposition of the mask mandate, which was only lifted in November, comes amid a surge in cases of COVID-19 driven by the Omicron variant.
Workers were told they must all wear masks regardless of vaccination status or local rules.
“Your health and safety are of the utmost importance to us,” the notice states. “In response to the rapid spread of the Covid-19 omicron variant in the U.S. and guidance from public health authorities and our own medical experts, face coverings are again required for everyone.”
BITS AND PIECES
An op-ed to chew on: Targeted cyber sabotage can bring Russia and China to their knees
Lighter click: Seems pretty suspect to me
Notable links from around the web:
The Log4j flaw is the latest reminder that quick security fixes are easier said than done (CyberScoop / AJ Vicens)
How ‘The Matrix’ inspired a new generation of hackers (Vice Motherboard / Lorenzo Franceschi-Bicchierai)
One last thing: AWS reports another outage
Amazon Web Services (AWS) experienced a temporary outage Wednesday morning affecting Slack, the workplace software Asana and the Epic Games Store.
The company first acknowledged connectivity issues at a data center in the US-EAST-1 Region at roughly 7:30 a.m. EST because of a loss of power. By 8:40 a.m. EST, power was restored to the data center and network connectivity issues started to resolve.
This is the third outage of the month for AWS, which provides cloud computing services for vast swathes of the internet.
Read more here.
That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Thursday.