US cybersecurity center: government services must immediately patch log4j systems


The Cybersecurity and Infrastructure Security Agency, or CISA, has issued an emergency order requiring U.S. civilian government agencies to immediately patch log4j systems or take other measures.

Under Emergency Directive 22-02, US civilian government departments are required to assess whether systems with internet access are susceptible to log4j vulnerabilities. If these systems are indeed vulnerable, government departments must immediately install updates to counter cyber attacks, or take ‘other appropriate measures’.

Government bodies must implement these patches or other measures by Thursday at the latest. In addition, the agencies must report to CISA what measures they have taken; they have until Tuesday 28 December to do this. The cybersecurity agency also says that immediate action is “highly recommended” for non-government organizations.

CISA has collected a list of mitigation proposals from IBM Security, Cloudflare and Microsoft, among others, which government departments can use to evaluate measures. A GitHub list of affected devices and services is also available.

The emergency order is in response to active abuse of the log4j vulnerabilities, the agency said. The CISA director says the log4j vulnerabilities pose an “unacceptable risk” to government network security.
