[oagitm] CISA Publishes Joint Cybersecurity Advisory to Mitigate Apache Log4J Vulnerability
- From: "MASSE THERESA" <dmarc-noreply@xxxxxxxxxxxxx> ("theresa.masse")
- To: "oagitm@xxxxxxxxxxxxx" <oagitm@xxxxxxxxxxxxx>
- Date: Wed, 22 Dec 2021 16:22:08 +0000
FYSA
Today, CISA, the FBI, and NSA have been joined by their cybersecurity authority
counterparts from Australia, Canada, New Zealand, and the United Kingdom to
release a joint cybersecurity advisory (CSA) on Mitigating Log4Shell and Other
Log4j-Related
Vulnerabilities<https://www.cisa.gov/uscert/ncas/alerts/aa21-356a>. The joint
CSA includes technical details, mitigations, and resources detailing voluntary
steps that vendors and organizations with information technology (IT),
operational technology (OT), and cloud assets should take to respond to the
Apache Log4j vulnerabilities.
CISA, the Federal Bureau of Investigation (FBI), National Security Agency
(NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber
Security (CCCS), Computer Emergency Response Team New Zealand (CERT-NZ), New
Zealand National Cyber Secure Centre (NZ NCSC), and the United Kingdom’s
National Cyber Security Centre (NCSC-UK), as well as CISA’s industry partners
through the Joint Cyber Defense Collaborative
(JCDC)<https://www.cisa.gov/jcdc>, are responding to multiple vulnerabilities
in Apache’s Log4j software library:
CVE-2021-44228<https://nvd.nist.gov/vuln/detail/CVE-2021-44228> (known as
"Log4Shell"), CVE-2021-45046<https://nvd.nist.gov/vuln/detail/CVE-2021-45046>,
and CVE-2021-45105<https://nvd.nist.gov/vuln/detail/CVE-2021-45105>. Malicious
cyber threat actors are actively scanning networks to potentially exploit
Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According
to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.
For vendors and organizations with IT and/or cloud assets, this joint CSA
expands on the previously published CISA guidance with recommended, detailed
steps to respond to these vulnerabilities, which are:
· Identify assets affected by Log4Shell and other Log4j-related
vulnerabilities;
· Upgrade Log4j assets and affected products to the latest version as
soon as patches are available and remaining alert to vendor software updates;
and
· Initiate hunt and incident response procedures to detect possible
Log4Shell exploitation.
Given the widespread exploitation of this vulnerability, organizations are
encouraged to assume their assets that use Log4j may have been compromised and
initiate hunt procedures. If a compromise is detected, organizations are
encouraged to report it to CISA and/or the FBI.
A dedicated
webpage<https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance> with
Log4j mitigation
guidance<https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance> and
resources for network defenders is available on cisa.gov, as well as a
community-sourced GitHub
(CISAgov<https://github.com/cisagov/log4j-affected-db>) repository of affected
devices and services. (Note: due to the urgency to share this information, CISA
has not yet validated this content.)
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse@xxxxxxxxxxxx<mailto:theresa.masse@xxxxxxxxxxxx>
[cid:image002.png@01D7F70D.01FE5680]
Other related posts:
- » [oagitm] CISA Publishes Joint Cybersecurity Advisory to Mitigate Apache Log4J Vulnerability - MASSE THERESA
