Federal agencies ordered to immediately patch systems against Apache vulnerability

The Hill

December 17, 2021 at 11:30 AM·2 min read

Federal agencies on Friday were ordered to immediately investigate and patch systems to prevent exploitation of a massive vulnerability in Apache logging library log4j that has been increasingly used by nations and cybercriminals to target organizations around the world.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive giving agencies until Dec. 23 to identify which software is impacted by log4j and then either deploy patches against these vulnerabilities or remove the impacted software from the network. The agencies must report all impacted software and actions taken to CISA by Dec. 28.

Following these actions, CISA will provide a report in February to the secretary of Homeland Security and to the Office of Management and Budget, and will keep working with partners to help remediate the vulnerability.

"CISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action," the directive reads. "This determination is based on the current exploitation of this vulnerability by threat actors in the wild, the likelihood of further exploitation of the vulnerability, the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems."

The vulnerability, first uncovered a week ago, has sent cybersecurity professionals scrambling to address the issue, which has been particularly difficult given that log4j is a fundamental ingredient of much of the software used by major companies.

Nation states have quickly moved to try to take advantage of the situation, with Microsoft and Mandiant reporting earlier this week that Chinese and Iranian hackers had been attempting to exploit the log4j vulnerability.

Exploitation has reached massive levels worldwide, with a spokesperson for Check Point Software telling The Hill Friday that the company had seen 3.8 million attempts to use the vulnerability, more than 100 attempts per moment globally, and that around half of all corporate networks worldwide had been targeted.

"The log4j vulnerabilities pose an unacceptable risk to federal network security," CISA Director Jen Easterly said in a statement Friday. "CISA has issued this emergency directive to drive federal civilian agencies to take action now to protect their networks, focusing first on internet-facing devices that pose the greatest immediate risk."

Such agencies are certainly at risk, with Anne Neuberger, the deputy national security advisor for Cyber and Emerging Technology, telling Bloomberg Television Thursday that some agencies had been impacted.

Easterly stressed Friday that while the directive only applies to federal agencies, all companies should take similar measures to protect themselves.

"CISA also strongly urges every organization large and small to follow the federal government's lead and take similar steps to assess their network security and adapt the mitigation measures outlined in our Emergency Directive," Easterly said. "If you are using a vulnerable product on your network, you should consider your door wide open to any number of threats."

Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
What scouts think of Bronny James' NBA prospects
The biggest question looming over the NBA draft combine this week: How will Bronny James do?
Yahoo Sports
2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set
With the lottery order set, here's a look at Yahoo Sports' projections for both rounds of the 2024 NBA Draft.
Yahoo Sports
NFL schedule release: Chiefs to host Ravens in 2024 season opener
Chiefs vs. Ravens on Sept. 5 will be a rematch of last season's AFC Championship Game.
Yahoo Sports
Your favorite WNBA rookies didn’t make the cut. So what’s their path back to the league?
For rookies who were waived, the climb to their pro dreams is steeper, but the path ahead is well-worn with trail markers of established success.
Yahoo Sports
The Spin: Making a call on 5 slumping fantasy baseball stars
All five of these hitters were drafted highly in fantasy baseball leagues. So far, they have not lived up to their ADPs — and that's an understatement. Scott Pianowski analyzes.
Yahoo Finance
Utility stocks are on fire — here are Wall Street analysts' top picks
Utility stocks are outperforming the broader markets. Here's a look at three top picks from analysts.
Yahoo Sports
Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?
In one scenario, Dallas makes Prescott the highest paid player in NFL history. In another, the Cowboys decline that commitment, at which point another team will make him the top paid player in NFL history.
Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Yahoo Sports
MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list
Here's a look at the rookies who have stood out on each team through the first quarter of the 2024 season.
Autoblog
Best used cars to buy in 2024: From trucks and SUVs to EVs
The best used cars to buy in 2024 include small and midsize cars, trucks, crossovers and SUVs, and even a couple of used electric cars.
Yahoo Finance
Here's 1 big investing mistake you are probably still making
Maybe a 5% CD isn't the best choice for your hard-earned money.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
LeBron James greeted with rousing ovation from Cavaliers fans while sitting courtside for Celtics game
LeBron James' offseason of intrigue continued Monday with a visit to Cleveland.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Yahoo Sports
Lions reportedly sign QB Jared Goff to 4-year, $212 million extension
The Detroit Lions have had a busy offseason, and that continued on Monday with the reported extension of quarterback Jared Goff.
Yahoo Sports
Architect of PGA-LIV framework agreement resigns in frustration: 'No meaningful progress' toward a deal
Jimmy Dunne cited 'no meaningful progress' being made in negotiations between the PGA Tour and LIV Golf as a reason for his resignation.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Six quarterback situations to worry about & three that are on the precipice | Zero Blitz
Jason Fitz, Charles Robinson and Frank Schwab talk about which quarterback rooms concern them and which they find interesting heading into the 2024 NFL season.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Federal agencies ordered to immediately patch systems against Apache vulnerability

Recommended Stories

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

What scouts think of Bronny James' NBA prospects

2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set

NFL schedule release: Chiefs to host Ravens in 2024 season opener

Your favorite WNBA rookies didn’t make the cut. So what’s their path back to the league?

The Spin: Making a call on 5 slumping fantasy baseball stars

Utility stocks are on fire — here are Wall Street analysts' top picks

Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list

Best used cars to buy in 2024: From trucks and SUVs to EVs

Here's 1 big investing mistake you are probably still making

The best RBs for 2024 fantasy football, according to our experts

LeBron James greeted with rousing ovation from Cavaliers fans while sitting courtside for Celtics game

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

Lions reportedly sign QB Jared Goff to 4-year, $212 million extension

Architect of PGA-LIV framework agreement resigns in frustration: 'No meaningful progress' toward a deal

The best budgeting apps for 2024

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Six quarterback situations to worry about & three that are on the precipice | Zero Blitz