CISA to brief critical infrastructure companies about urgent new Log4j vulnerability

Dec 13, 2021 | CYBERSCOOP

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency will host a call with critical infrastructure stakeholders Monday afternoon about a critical vulnerability affecting products with the Log4j software library, according to a statement.

CISA sent out an alert Friday saying the agency had added the flaw to its list of exploited vulnerabilities, and urged federal and civilian organizations to patch and take steps to mitigate harm immediately. Log4j is a widely used open-source logging tool found in numerous cloud and enterprise apps, including Minecraft, Apple Cloud, Cloudflare and Twitter, so the zero-day’s potential damage is likely to be wide-reaching.

“CISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the log4j software library,” CISA director Jen Easterly said in a statement. “This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use.”

Cybersecurity researchers noted over the weekend that cybercriminals were racing to take advantage of the newly announced vulnerability.

“We are proactively reaching out to entities whose networks may be vulnerable and are leveraging our scanning and intrusion detection tools to help government and industry partners identify exposure
