The following is a statement shared by the US Secret Service’s Gateway Cyber Task Force at the St. Louis Field Office for the benefit of the public.

DHS – CISA and its partners, through the Joint Cyber Defense Collaborative, are tracking and responding to active, widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1. Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.

CISA has created a webpage, Apache Log4j Vulnerability Guidance and will actively maintain a community-sourced GitHub repository of publicly available information and vendor-supplied advisories regarding the Log4j vulnerability.

CISA urges organizations to review its Apache Log4j Vulnerability Guidance webpage and upgrade to Log4j version 2.15.0, or apply the appropriate vendor recommended mitigations immediately.

Please follow this link for more information.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent news posts

This is a sample blog post title.
Featured Image

Twitter’s New Ownership Sparks Changes to Security Structure

This is a sample blog post title.
Featured Image

Latin America Cyber Community Challenges Fast-Growing Threat Landscape

This is a sample blog post title.
Featured Image

Third-Party Threats Pose Problems for Healthcare Sector

This is a sample blog post title.
Featured Image

CISA, FBI Cite No Specific Cybersecurity Threat to Midterm Elections

This is a sample blog post title.
Featured Image

Atlanta Keynote Highlights: Hadas Cassorla

Attend an Event!

Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.

Register Today