Five Eyes Intelligence Partners Issue Guidance on Risks of Log4j Exploits
CISA releases Log4j scanner, RSA conference postponed until June, Security flaw in Azure App Service exposed customer source code, Hack DHS open to Log4j flaws, Solarium Commission ends work, more
IMPORTANT PUBLISHING NOTICE: Barring any cybersecurity emergencies (!) Metacurity will be on break until December 27. We wish all our wonderful readers and subscribers a very warm and happy holiday season!
The Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the National Security Agency, along with the security agencies of the Five Eyes intelligence partners Australia, Canada, New Zealand and the United Kingdom, released an advisory offering vendors and affected organizations a detailed guide on how to deal with potential risks to IT and cloud services posed by exploits of the Apache Log4j software library.
The guidance focuses on securing internet-facing devices and systems against Log4Shell-related attacks. However, the alert warns that Java is also ubiquitous throughout IT and OT systems, and that unsegmented networks risk letting intruders move laterally between systems. (Tonya Riley / Cyberscoop)
Related: FCW, Reddit, The Record, Homeland Security Today, ZDNet, CISA, Cyber.gc…