CISA Issues Emergency Directive Requiring Federal Agencies to Mitigate Apache Log4J Vulnerabilities
APACHE=
Original release date: December 17, 2021
Agency Strongly Urges All Organizations to Take Immediate Action to Protect their Networks
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 22-02 today requiring federal civilian departments and agencies to assess their internet-facing network assets for the Apache Log4j vulnerabilities and immediately patch these systems or implement other appropriate mitigation measures. This Directive will be updated to further drive additional mitigation actions.
The directive is in response to the active exploitation by multiple threat actors of vulnerabilities found in the widely used Java-based logging package Log4j. Since the vulnerabilities were first discovered, CISA has been working with our partners in the public and private sectors to identity vulnerable products, raise awareness, and encourage all potentially affected organizations to take immediate action.
“The log4j vulnerabilities pose an unacceptable risk to federal network security,” said CISA Director Jen Easterly. “CISA has issued this emergency directive to drive federal civilian agencies to take action now to protect their networks, focusing first on internet-facing devices that pose the greatest immediate risk. CISA also strongly urges every organization large and small to follow the federal government’s lead and take similar steps to assess their network security and adapt the mitigation measures outlined in our Emergency Directive. If you are using a vulnerable product on your network, you should consider your door wide open to any number of threats.”
https://www.cisa.gov/news/2021/12/17/cisa-issues-emergency-directive-requiring-federal-agencies-mitigate-apache-log4j
https://www.cisa.gov/emergency-directive-22-02
this is why the interwebz will go down.
Dec 23rd - 28th