CISA probes scope, potential fallout of Log4j vulnerability
A top government cyber official said Tuesday that the Cybersecurity and Infrastructure Security Agency hasn’t seen hackers compromise federal agencies by exploiting the Apache Log4j vulnerability — but the agency’s still fearful of widespread attacks stemming from it. Most of all, CISA’s Eric Goldstein said during a phone call Tuesday evening, the government is eager for help from the public in assembling a comprehensive list of all the products that might be susceptible to hackers using the vulnerability, known as Log4Shell in the widely deployed logging library, which the agency expects could affect hundreds of millions of devices or more. CISA and private sector cybersecurity investigators have struck exceptionally dire notes about the potential fallout that have not, as of yet, come to fruition. It’s that unknown potential, however, that has prompted CISA to try to get organizations to patch their systems and take other steps to secure them. “Certainly […]
The post CISA probes scope, potential fallout of Log4j vulnerability appeared first on CyberScoop.
Continue reading CISA probes scope, potential fallout of Log4j vulnerability