The Fives Eyes intelligence alliance have warned that threat actors are actively exploiting an Apache vulnerability in the Log4j logging library. The Five Eyes alliance, consisting of cybersecurity agencies in US, UK, Australia, Canada and New Zealand, announced in a joint statement on Wednesday that, “sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021- 45105 in vulnerable systems.”
Previously the CISA published guidance on Log4Shell. This joint statement from Five Eyes expands on this guidance and provides the additional following steps:
“• Identifying assets affected by Log4Shell and other Log4j-related vulnerabilities
• Upgrading Log4j assets and affected products to the latest version as soon as patches are available and remaining alert to vendor software updates
• Initiating hunt and incident response procedures to detect possible Log4Shell exploitation.”
The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY
Follow Us
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
This site uses functional cookies and external scripts to improve your experience.
Privacy settings
Privacy Settings / PENDING
This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.
NOTE: These settings will only apply to the browser and device you are currently using.
GDPR Compliance

source

You May Also Like

Synopsys’ OSSRA report reveals challenges with managing open source risk in software supply chains

Last week, Synopsys released its 2022 Open Source Security and Risk Analysis…

Searchlight Security appoints Cylance and Blackberry’s Eric Milam to lead its dark web intelligence product strategy

Searchlight Security appointed Eric Milam as their new Executive Vice President of…

New NHS Digital Materials Aim to Boost Cybersecurity Awareness in Social Care Organisations

This week the UK’s social care sector received a boost after NHS…