December 22, 2021
CSE’s Canadian Centre for Cyber Security joined cyber security partners from the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), the UK’s National Cyber Security Centre (NCSC-UK), and the Computer Emergency Response Team New Zealand (CERT NZ), and industry members of CISA’s Joint Cyber Defence Collaborative, in issuing a joint advisory responding to multiple vulnerabilities in Apache’s Log4j software library. Advanced persistent threat (APT) actors are actively scanning networks to potentially exploit these vulnerabilities and vulnerable systems.
This joint CSA expands on advice and guidance the Cyber Centre has previously issued by detailing steps that vendors and organizations with IT and/or cloud assets should voluntarily take to respond to these vulnerabilities.
These steps include:
- Identifying assets affected by Log4Shell and other Log4j-related vulnerabilities,
- Upgrading Log4j assets and affected products to the latest version as soon as patches are available and remaining alert to vendor software updates, and
- Initiating hunt and incident response procedures to detect possible Log4Shell exploitation.
The CSA also provides guidance for affected organizations with operational technology (OT)/industrial control systems (ICS) assets.
More information on this joint advisory