US Cyber ​​Security Center: Government Services Must Patch Log4j Systems Immediately – Computers – News – archyde

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency order urging civil US government agencies and agencies to patch log4j systems or take other action immediately.

under Emergency Policy 22-02 US and civil government agencies must assess whether systems with Internet access are sensitive to it log4j vulnerabilities. If these systems are indeed sensitive to it, government agencies must immediately install updates to counteract cyber attacks, or take “other appropriate measures”.

Government agencies must implement these patches or other measures by Thursday at the latest. In addition, the services must report to the CISA which measures they have taken; you have until Tuesday, December 28th, to do so. The cybersecurity agency also “strongly recommends” that non-governmental organizations take immediate action.

KAG hat collected a list Mitigation proposals from, among others, IBM Security, Cloudflare and Microsoft, with which government agencies can investigate measures. A GitHub list of affected devices and services can also be found here.

The agency announced that the emergency ordinance was a reaction to the active abuse of the log4j vulnerabilities. The CISA director says the log4j vulnerabilities pose an “unacceptable risk” to government network security.

Leave a Reply

Your email address will not be published.