The Cybersecurity and Infrastructure Security Agency, the FBI, the National Security Agency and international partners jointly released an advisory on how to mitigate vulnerabilities of the Apache Log4j software library.
CISA said Wednesday that its new joint advisory addresses global exploitations of weaknesses in the Java-based Log4j logging package, which is used in websites, operational technology systems and enterprise services.
The advisory recommends organizations identify assets affected by Log4j vulnerabilities, update Log4j assets and run incident response efforts to detect exploitation.
“We continue to urge anyone who is impacted by the Log4j vulnerability to apply all recommended mitigations from CISA and visit fbi.gov/log4j to report details of your suspected compromise,” said Bryan Vorndran, assistant director of the FBI’s cyber division.
CISA also published a webpage dedicated to providing resources on mitigating Log4j vulnerabilities. New Zealand, Canada, Australia and the U.K. served as CISA’s international partners for the joint advisory.