A joint Cybersecurity Advisory was recently released by Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK), in response to multiple vulnerabilities in Apache’s Log4j software library.
Malicious cyber actors are actively scanning networks to potentially exploit CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.
First, what is Log4j? To learn more about this vulnerability, read our recent blog post.
What Should You Do?
BMT’s vulnerability management service will scan your networks, both internally and externally, for the Log4j vulnerability as well as many others. If you would like to scan for Log4j on your own, here is a link to help mitigate.