Skip to content

No Significant Intrusions Related to Log4j Flaw Yet, CISA Says

Posted by:
< 1 min read

January 10, 2022 – Published on Dark Reading

n the one month since news broke of a critical remote code execution vulnerability in the Log4j logging framework, there have been no major intrusions tied to the flaw in the US, officials from the Cybersecurity & Infrastructure Security Agency (CISA) said Monday.

However, they warned about the possibility of attackers exploiting the flaw later because of its prevalence—hundreds of millions of devices and components have the vulnerability—and the ease with which it can be exploited.

Matt Keller, vice president of federal services at GuidePoint Security, says his organization’s interactions with federal agencies show that some of them are struggling to patch the Log4Shell flaw because they have end-of-life or end-of-support systems in their environment. 

“When a system or software is end of life/end of support, typically the company that designed and wrote the software moves the development team on to other projects,” Keller says. As a result, patches may not always be available for bugs that surface in these products, he says. “The system can be patched if a patch is available. Sometimes vendors will release a patch for a critical patch for something like this, but they aren’t required to,” he says.

Read More HERE.

Categories: Cybersecurity News Vulnerability Management & Penetration Testing

GuidePoint Security

Security Advisory: Log4j Vulnerability
Original Post on December 13, 2021 (Updated on 12/20/2021) ***Note: The intent of this analysis is to aggregate the wide […]
View Page

Related Articles

View All

  • Threat Advisory
Security Advisory: Log4j Vulnerability
Posted by: GuidePoint Security
Read More 7 min read
  • Vulnerability Management & Penetration Testing
What you need to know about the Log4j vulnerability
Read More < 1 min read
  • Vulnerability Management & Penetration Testing
Agencies race to patch Log4j
Read More 2 min read