
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch the Log4Shell vulnerabilities in Apache Log4j before Christmas. The agency set December 24th as the deadline for fixes that protect their systems from major hacks, so agencies must safeguard themselves against the pervasive security flaw by Christmas Eve. CISA has also issued mitigation guidance in response to active exploitation.
Log4Shell is one of the gravest security flaws of the past decade. The agency has added the Log4Shell bug to its catalog of actively exploited vulnerabilities, together with 12 other security flaws. CISA head Jen Easterly has called it “a severe risk,” and Microsoft has also warned of the threat, as some nation-state hacking groups are using it.
According to the catalog, federal agencies have ten days to test and identify which of their internal apps and servers use the Log4j Java library, check whether those systems are susceptible to the Log4Shell exploit, and fix the affected servers.
According to Sonatype, there have been 28.6 million downloads of Log4j, the code containing the flaw, in the past 4 months. The Log4Shell threat is all the more serious because the vulnerability is easy to exploit and is being exploited across the world. CISA plans to list all software vendors that have products vulnerable to Log4Shell on its dedicated web page. This is intended to offer a central place where companies can get Log4Shell patching information.