CISA warns of Java logging library vulnerability

Dec. 14, 2021

The Cybersecurity and Infrastructure Security Agency urged the private and public sectors to actively address a critical vulnerability that a growing set of threat actors are exploiting.

Details:

CISA said a vulnerability in Java logging library log4j poses a “severe risk” to any device that runs the program and is exposed to the internet.
CISA recommends steps to mitigate the vulnerability: enumerating external-facing devices, actioning every alert on these devices, and installing a web application firewall with automatic updates.
Apache released an updated version of log4j to address the vulnerability.

Microsoft issued guidance for addressing log4j exploitation.

More: Additional tools and information for community banks are available on ICBA's Cyber and Data Security resource center.

Interested in discussing this and other topics? Network with and learn from your peers with the app designed for community bankers. Join the conversation with ICBA Community.

NewsWatch Today Contacts

Thomas Warren

Vice President, Communications

Nicole Swann

Vice President, Communications

CISA warns of Java logging library vulnerability

NewsWatch Today Contacts

Related News

CISA releases proposal on cyber reporting standards

Agencies issue fact sheet on ‘Volt Typhoon’ risks

Agencies disrupt LockBit ransomware group

Agencies issue guidance on using AI securely