Joint Log4j Cybersecurity Advisory
Attackers are “actively scanning networks to potentially exploit” Log4j vulnerabilities, according to a joint advisory issued by cybersecurity organizations from the US, the UK, Canada, Australia, and New Zealand. The advisory offers technical details, mitigations, and additional resources.
At this point, the importance of mitigating the log4j vulnerability should be evident without this advisory. But the advisory is still useful, particularly in that it includes tools to assist in finding vulnerable log4j instances.
This alert consolidates information you need to know to deal with Log4j. The primary mitigation remains upgrading it where used, which means you need a current application inventory and corresponding monitoring. If you have outsourced or cloud services which haven’t let you know if or how Log4j applies to their environment, actively reach out to them for information. Did you remember to check out our ICS/OT systems for issues? If you are providing services to others, make sure you’re informing them on your actions and any actions they may need to take. Leverage the resources in the bulletin for reporting, IOCs or even if you need help getting your arms around this.
Read more in
CISA: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
SC Magazine: CISA, FBI and NSA issue joint advisory on Log4j with international security agencies
ZDNet: Log4j flaw: Attackers are 'actively scanning networks' warns new CISA guidance
The Hill: Five Eyes nations warn of cyber threats from Apache vulnerability