Global cyberspace, we have a problem © iStockphoto Federal agencies in the United States, as well as top cybersecurity agencies in the other countries that make up the Five Eyes intelligence alliance, warned Wednesday that hackers are “actively exploiting” a recently uncovered vulnerability in Apache logging library log4j. International engagement: The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the top cybersecurity agencies in Australia, Canada, New Zealand and the United Kingdom outlined their concerns about the vulnerability in a joint alert published Wednesday. “Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021- 45105 in vulnerable systems,” the agencies wrote in the alert, referring to multiple vulnerabilities in Apache’s log4j software library. “According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.” Massive impact: The vulnerability, uncovered earlier this month, has quickly snowballed into one of the most widespread cybersecurity vulnerabilities in recent years, with security professionals scrambling to deploy patches for a software that underlies the majority of organizations around the world. Security groups reported last week that nations including China and Iran were exploiting the vulnerability, with organizations including the Belgian Ministry of Defense being hacked through the exploit. “These vulnerabilities, especially Log4Shell, are severe,” the agencies warned. “These vulnerabilities are likely to be exploited over an extended period.” Read more here. |
No comments:
Post a Comment