“We cannot stress enough how important it is for everyone to patch this vulnerability as soon as possible,” said CERT NZ Director Rob Pope. “We know that malicious actors are constantly scanning systems worldwide, looking for a way in via the Log4j vulnerability.”
“It is only through collective actions that we can effectively address these types of attacks, which is why we’re proud to be part of an international effort to keep organisations safe and secure.”
In response to the active scanning and attempted exploitation by malicious threat actors an international group of cyber security agencies have issued a joint cybersecurity advisory. This group is made up of:
- Australian Cyber Security Centre (ACSC),
- Canadian Centre for Cyber Security (CCCS),
- Cybersecurity and Infrastructure Security Agency (CISA),
- Computer Emergency Response Team New Zealand (CERT NZ),
- Federal Bureau of Investigation (FBI),
- National Security Agency (NSA),
- New Zealand National Cyber Security Centre (NZ NCSC), and
- the United Kingdom’s National Cyber Security Centre (NCSC-UK).
US agency CISA, is coordinating the response.
“Log4j vulnerabilities present a severe and ongoing threat to organizations and governments around the world; we implore all entities to take immediate action to implement the latest mitigation guidance to protect their networks,” said CISA Director Jen Easterly.
The advisory contains technical details, mitigations, and resources to address known vulnerabilities in the Apache Log4j software library. This advisory also provides critical guidance that should be immediately implemented by any organisation using products with Log4j.