CISA Issues Emergency Directive as Third Log4j Bug and New Attack Vector Emerge
Conti ransomware gang exploits Log4Shell flaw, Belgian ministry attackers reportedly exploited Log4j flaw, DeFi protocol Grim Finance hacked for $30 million, Clop gang releases UK police data, more
The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive giving federal agencies until December 23 to identify which software is impacted by Log4j and then either deploy patches against these vulnerabilities or remove the affected software from the network.
CISA ordered agencies to report impacted software and actions taken to CISA by December 28. “The log4j vulnerabilities pose an unacceptable risk to federal network security,” CISA Director Jen Easterly said in a statement Friday. “CISA has issued this emergency directive to drive federal civilian agencies to take action now to protect their networks, focusing first on internet-facing devices that pose the greatest immediate risk.” (Maggie Miller / The Hill)
Related: WRAL, Meritalk, Federal News Network, CNET, CNN.com, Cyberscoop, Dark Reading, ZDNet Security, The Hill: Cybersecurity, The Register - Security, Industrial Cyber, US-CERT Current Activity, The Record by Recorded Future, The Straits Times Tech News