A Joint Cybersecurity Advisory from CISA, FBI and NSA: Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
As we have mentioned a few times here at OODA Loop, we are very discerning in our amplification of US-CERT e-mail notifications. Emergency Directives and Joint Cybersecurity Advisories (CSAs) are the exceptions. The Joint CSA released today by CISA, the FBI, and the NSA is very much aligned with our coverage of the current tension in Ukraine and the role of cyber and information threat vectors in gray-zone conflicts. Following are the details of the Joint CSA.
An up-to-the-minute summary of major Log4Shell incidents and mitigation activities – as reported by governmental agencies from around the world since the inception of the threat in December 2021.
Five Eyes Issue Joint Log4Shell Advisory: “Agencies Strongly Urge All Organizations Take Immediate Action to Protect their Networks”
The Five Eyes intelligence allies – government agencies in the United States, United Kingdom, Australia, Canada, and New Zealand – issued a joint Cybersecurity advisory (CSA) days before the Christmas holiday, offering guidance for the Apache Log4j vulnerability worldwide. Nation-states and ransomware gangs are already starting to exploit the vulnerabilities, including Log4Shell (part of the Log4j software library).