CISA warns of Java logging library vulnerability

The Cybersecurity and Infrastructure Security Agency urged the private and public sectors to actively address a critical vulnerability that a growing set of threat actors are exploiting.

Details:

  • CISA said a vulnerability in the Java logging library log4j poses a “severe risk” to any device that runs the program and is exposed to the internet.

  • CISA recommends these steps to mitigate the vulnerability: enumerating external-facing devices, acting on every alert involving these devices, and installing a web application firewall with automatic updates.

  • Apache released an updated version of log4j to address the vulnerability.

More: Additional tools and information for community banks are available on ICBA's Cyber and Data Security resource center.