The Cybersecurity and Infrastructure Security Agency urged the private and public sectors to actively address a critical vulnerability that a growing set of threat actors are exploiting.
Details:
-
CISA said a vulnerability in Java logging library log4j poses a “severe risk” to any device that runs the program and is exposed to the internet.
-
CISA recommends steps to mitigate the vulnerability: enumerating external-facing devices, actioning every alert on these devices, and installing a web application firewall with automatic updates.
-
Apache released an updated version of log4j to address the vulnerability.
-
Microsoft issued guidance for addressing log4j exploitation.
More: Additional tools and information for community banks are available on ICBA's Cyber and Data Security resource center.