<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"Franklin Gothic Book";
        panose-1:2 11 5 3 2 1 2 2 2 4;}
@font-face
        {font-family:"Segoe UI";
        panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:100951661;
        mso-list-template-ids:1800725568;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:1.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level3
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:1.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level4
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:2.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level5
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:2.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level6
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:3.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level7
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:3.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level8
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:4.0in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level9
        {mso-level-number-format:bullet;
        mso-level-text:;
        mso-level-tab-stop:4.5in;
        mso-level-number-position:left;
        text-indent:-.25in;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif">Today, CISA, the FBI, and NSA have been joined by their cybersecurity authority counterparts from Australia, Canada, New Zealand, and the United
 Kingdom to release a joint cybersecurity advisory (CSA) on </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><a href="https://www.cisa.gov/uscert/ncas/alerts/aa21-356a" target="_blank"><b><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Mitigating
 Log4Shell and Other Log4j-Related Vulnerabilities</span></b></a></span><span style="font-family:"Franklin Gothic Book",sans-serif">. The joint CSA includes technical details, mitigations, and resources detailing voluntary steps that vendors and organizations
 with information technology (IT), operational technology (OT), and cloud assets should  take to respond to the Apache Log4j vulnerabilities.  </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif">CISA, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber
 Security (CCCS), Computer Emergency Response Team New Zealand (CERT-NZ), New Zealand National Cyber Secure Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK), as well as CISA’s industry partners through the </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><a href="https://www.cisa.gov/jcdc" target="_blank"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black;background:#E1E3E6">Joint
 Cyber Defense Collaborative (JCDC)</span></a></span><span style="font-family:"Franklin Gothic Book",sans-serif">, are responding to multiple vulnerabilities in Apache’s Log4j software library: </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-44228" target="_blank"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">CVE-2021-44228</span></a></span><span style="font-family:"Franklin Gothic Book",sans-serif"> (known
 as "Log4Shell"), </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-45046" target="_blank"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">CVE-2021-45046</span></a></span><span style="font-family:"Franklin Gothic Book",sans-serif">,
 and </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-45105" target="_blank"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">CVE-2021-45105</span></a></span><span style="font-family:"Franklin Gothic Book",sans-serif">. Malicious cyber
 threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited. </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif">For vendors and organizations with IT and/or cloud assets, this joint CSA expands on the previously published CISA guidance with recommended, detailed steps
 to respond to these vulnerabilities, which are: </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span style="font-family:"Franklin Gothic Book",sans-serif">Identify assets affected by Log4Shell and other Log4j-related vulnerabilities; </span><span style="font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span style="font-family:"Franklin Gothic Book",sans-serif">Upgrade Log4j assets and affected products to the latest version as soon as patches are available and remaining alert to vendor software updates; and </span><span style="font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.75in;text-indent:-.25in;mso-list:l0 level1 lfo2;vertical-align:baseline">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">      
</span></span></span><![endif]><span style="font-family:"Franklin Gothic Book",sans-serif">Initiate hunt and incident response procedures to detect possible Log4Shell exploitation.  </span><span style="font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif">Given the widespread exploitation of this vulnerability, organizations are encouraged to assume their assets that use Log4j may have been compromised
 and initiate hunt procedures. If a compromise is detected, organizations are encouraged to report it to CISA and/or the FBI.  </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif"> </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif">A </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><a href="https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance" target="_blank"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">dedicated
 webpage</span></a></span><span style="font-family:"Franklin Gothic Book",sans-serif"> with </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><a href="https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance" target="_blank"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">Log4j
 mitigation guidance</span></a></span><span style="font-family:"Franklin Gothic Book",sans-serif"> and resources for network defenders is available on cisa.gov, as well as a community-sourced </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><a href="https://github.com/cisagov/log4j-affected-db" target="_blank"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif">GitHub
 (CISAgov</span></a></span><span style="font-family:"Franklin Gothic Book",sans-serif">) repository of affected devices and services. (Note: due to the urgency to share this information, CISA has not yet validated this content.) </span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="MsoNormal" style="vertical-align:baseline"><span style="font-family:"Franklin Gothic Book",sans-serif"> <o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image002.png@01D7F70D.01FE5680"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="vertical-align:baseline"><o:p> </o:p></p>
</div>
</body>
</html>