"CISA, Cybersecurity Centers From Australia, NZ, UK, and Canada Release Log4j Advisory"
Cybersecurity leaders from the US, Australia, Canada, New Zealand, and the UK have issued a new Log4j advisory. The guide covers technical details, mitigations, and resources for addressing vulnerabilities in the Apache Log4j software library. This is a joint project involving the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), Computer Emergency Response Team New Zealand (CERT NZ), New Zealand National Cyber Secure Centre (NZ NCSC), and the UK's National Cyber Security Centre (NCSC-UK). According to the organizations, the joint advisory is a response to the active exploitation of Log4j vulnerabilities by threat actors globally. Work has been done with entities in public and private sectors since the first vulnerability was detected to identify vulnerable products as well as raise awareness among affected organizations. A number of groups from North Korea, Iran, Turkey, and China, along with several ransomware groups and cybercriminal organizations, have been observed exploiting the Apache Log4j vulnerabilities. This article continues to discuss the joint cybersecurity advisory providing critical guidance that any organization using products with Log4j should implement, other efforts to help organizations address the issue, and other findings surrounding Log4j vulnerabilities.