Five Eyes nations warn of cyber threats from Apache vulnerability
Federal agencies in the United States, as well as top cybersecurity agencies in the other countries that make up the Five Eyes intelligence alliance, warned Wednesday that hackers are “activel…
thehill.com
The vulnerability, uncovered earlier this month, has quickly snowballed into one of the most widespread cybersecurity vulnerabilities in recent years, with security professionals scrambling to deploy patches for a software that underlies the majority of organizations around the world.
“These vulnerabilities, especially Log4Shell, are severe,” the agencies warned. “These vulnerabilities are likely to be exploited over an extended period.”
CISA in particular has taken action, with the agency last week putting out an emergency directive ordering federal agencies to immediately investigate and patch against the vulnerability, and creating a team through its Joint Cyber Defense Collaborative to address the issue.
Homeland Security Secretary Alejandro Mayorkas said Tuesday the recently announced Hack DHS bug bounty program would be extended to include incentives for vetted cybersecurity professionals to hunt through some external DHS systems for log4j-related vulnerabilities.
CISA Director Jen Easterly last week underscored the threat from the vulnerability, which may take years to fully patch across all systems.
“CISA estimates that hundreds of millions of devices in use around the world are potentially susceptible to the log4j vulnerability,” Easterly said in a statement provided to The Hill last week. “We know malicious actors are actively exploiting this vulnerability in the wild.”