This photo taken on August 4, 2020 shows Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, using his computer at their office in Dongguan, China's southern Guangdong province. - From a small, dingy office tucked away in an industrial city in southern China, one of China's last "volunteer hacker" groups maintains a final outpost in its patriotic hacking war. (Photo by NICOLAS ASFOURI / AFP) / TO GO WITH China-hacking-security,FOCUS by Laurie Chen / The erroneous mention[s] appearing in the metadata of this photo by NICOLAS ASFOURI has been modified in AFP systems in the following, we removed the HOLD HOLD HOLD in the main caption. Please immediately remove the erroneous mention[s] from all your online services and delete it (them) from your servers. If you have been authorized by AFP to distribute it (them) to third parties, please ensure that the same actions are carried out by them. Failure to promptly comply with these instructions will entail liability on your part for any continued or post notification usage. Therefore we thank you very much for all your attention and prompt action. We are sorry for the inconvenience this notification may cause and remain at your disposal for any further information you may require. (Photo by NICOLAS ASFOURI/AFP via Getty Images)
How your device could be at risk of 'one of the most serious' cyber security threats
02:18 - Source: CNN
CNN  — 

Homeland Security Secretary Alejandro Mayorkas said Thursday that he’s “extraordinarily concerned” about a newly revealed critical flaw in widely used software that is roiling the internet and caused the US Patent and Trademark Office to temporarily shut down external access to its computer systems.

“It’s uppermost in our minds, and, quite frankly, uppermost in our action plans,” Mayorkas said, speaking with the German Marshall Fund of the United States about ransomware.

He continued: “The challenge it presents is its prevalence, because they attacked a software that is omnipresent, and then there’s a vulnerability that has been exposed and others can jump in in the exploitation of that vulnerability and really multiply the harm.”

The secretary added that the government is working “very, very quickly” on the issue.

CNN reported earlier Thursday that the US Patent and Trademark Office on Wednesday night shut down external access to its computer systems for 12 hours in response to the flaw in Java-based software known as Log4j.

DHS’ Cybersecurity and Infrastructure Security Agency told CNN later Thursday that it remains accurate that there are no confirmed compromises across federal civilian networks relating to the Log4j vulnerability.

The agency is also not aware of any other federal agencies that conducted similar shutdowns.

The patent office said it had taken the action in light of “serious and time-sensitive concern” around the vulnerability, which is in software that organizations around the world use to log information in their applications.

The move temporarily required people to file patent applications via email, rather than the website, the agency said in an email to its website users viewed by CNN. As of Thursday morning, the patent office said its computer systems were back online.

US cybersecurity officials have sounded the alarm about the Log4j vulnerability, warning that hundreds of millions of devices around the world could be affected by the bug. The Cybersecurity and Infrastructure Security Agency said Tuesday night that there were no signs of breaches at federal agencies using the vulnerability.

But Microsoft has warned that hackers linked with the governments of China, Iran, North Korea and Turkey have moved to exploit the software flaw.

CISA has ordered all federal civilian agencies to update their software or otherwise address the flaw by December 24.

CNN has reached out to CISA for comment on the patent office’s temporary IT shutdown.

CORRECTION: An earlier version of this article misstated the consequences of the temporary shutdown for patent applicants. People were still able to file patent applications during the shutdown, via email.

This story and headline have been updated with additional developments Thursday.