Log4j Vulnerability Information
<blockquote data-quote="Ian Andriechack" data-source="post: 2473" data-attributes="member: 78"><p>Critical Infrastructure partners, </p><p></p><p>On December 10, 2021, the Apache Software Foundation released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote adversary could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. </p><p></p><p>The Cybersecurity and Infrastructure Security Agency (CISA) is working closely with its public and private sector partners to proactively address a critical vulnerability affecting products containing the log4j software library. This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use. </p><p></p><p>End users will be reliant on their vendors, and <strong>the vendor community must immediately identify, mitigate, and patch the wide array of products using this software</strong>. Vendors should also be communicating with their customers to ensure end users know that their product contains this vulnerability and should prioritize software updates.</p><p></p><p>To help those efforts, CISA added <a href="https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance" target="_blank">a page</a> to its CISA.gov website <strong>today</strong>, listing the mitigation actions critical infrastructure partners and stakeholders should take immediately to address the Apache Log4j vulnerability. </p><p></p><p>Working closely with our interagency and critical infrastructure partners, CISA is focused on sharing timely cyber threat information with the intent to disrupt malicious cyber activity and help our critical infrastructure partners protect their networks.</p></blockquote><p></p>