White House wants to put heads together with FAANG firms for cybersec


Today Reuters reports the White House is set to meet with leaders of big tech companies including Google, Amazon and Apple, as well as Meta (formally Facebook) and IBM.

The meeting, to be hosted by U.S. deputy national security advisor for cyber and emerging technology Anne Neuberger, is supposed to address some of the cybersecurity concerns prominent in both public and private sectors.

Reporting by Jose Adorno at 9to5Mac shows  White House National Security Advisor Jake Sullivan sent a letter to chief executives recentlyabout security vulnerabilities.

In past weeks, security professionals had an example of the kind of chaos that widespread hacking can cause when a vulnerability loophole goes unaddressed.

An item called Log4j created a lot of doubt in the security community.

“Cyber attackers are making over a hundred attempts to exploit a critical security vulnerability in Java logging library Apache Log4j every minute,” tech journalist Danny Palmer reported Dec. 13. “The Log4j flaw (also now known as “Log4Shell”) is a zero-day … that first came to light on December 9, with warnings that it can allow unauthenticated remote code execution and access to servers. Log4j is used in many forms of enterprise and open-source software, including cloud platforms, web applications and email services, meaning that there’s a wide range of software that could be at risk from attempts to exploit the vulnerability.”

Pinpointing some of the black hat opportunism early on in the game, Palmer (and others) warned of greater issues to come.

“Cybersecurity researchers at Sophos have warned that they’ve detected hundreds of thousands of attempts to remotely execute code using the Log4j vulnerability in the days since it was publicly disclosed, along with scans searching for the vulnerability,” Palmer wrote. “There are already active examples of attackers attempting to leverage Log4j vulnerabilities to install cryptocurrency-mining malware, while there also reports of several botnets, including Mirai, Tsunami, and Kinsing, that are making attempts to leverage it.”

More recently, although some venues were reporting a type of all-clear, tech journalists were citing the advice of experts who recommended against ignoring the crisis that the Log4j problem created.

We’ll see what comes out of the plan meeting between heads of state and heads of industry.