[CDP-development] CISA Publishes Joint Cybersecurity Advisory to Mitigate Apache Log4J Vulnerability

MASSE, THERESA theresa.masse at cisa.dhs.gov
Wed Dec 22 08:22:32 PST 2021


FYSA

Today, CISA, the FBI, and NSA have been joined by their cybersecurity authority counterparts from Australia, Canada, New Zealand, and the United Kingdom to release a joint cybersecurity advisory (CSA) on Mitigating Log4Shell and Other Log4j-Related Vulnerabilities<https://www.cisa.gov/uscert/ncas/alerts/aa21-356a>. The joint CSA includes technical details, mitigations, and resources detailing voluntary steps that vendors and organizations with information technology (IT), operational technology (OT), and cloud assets should take to respond to the Apache Log4j vulnerabilities.

CISA, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Computer Emergency Response Team New Zealand (CERT-NZ), New Zealand National Cyber Secure Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK), as well as CISA’s industry partners through the Joint Cyber Defense Collaborative (JCDC)<https://www.cisa.gov/jcdc>, are responding to multiple vulnerabilities in Apache’s Log4j software library: CVE-2021-44228<https://nvd.nist.gov/vuln/detail/CVE-2021-44228> (known as "Log4Shell"), CVE-2021-45046<https://nvd.nist.gov/vuln/detail/CVE-2021-45046>, and CVE-2021-45105<https://nvd.nist.gov/vuln/detail/CVE-2021-45105>. Malicious cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.

For vendors and organizations with IT and/or cloud assets, this joint CSA expands on the previously published CISA guidance with recommended, detailed steps to respond to these vulnerabilities, which are:
· Identify assets affected by Log4Shell and other Log4j-related vulnerabilities;
· Upgrade Log4j assets and affected products to the latest version as soon as patches are available and remain alert to vendor software updates; and
· Initiate hunt and incident response procedures to detect possible Log4Shell exploitation.

Given the widespread exploitation of this vulnerability, organizations are encouraged to assume their assets that use Log4j may have been compromised and initiate hunt procedures. If a compromise is detected, organizations are encouraged to report it to CISA and/or the FBI.

A dedicated webpage<https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance> with Log4j mitigation guidance<https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance> and resources for network defenders is available on cisa.gov, as well as a community-sourced GitHub (CISAgov<https://github.com/cisagov/log4j-affected-db>) repository of affected devices and services. (Note: due to the urgency to share this information, CISA has not yet validated this content.)


Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov
