CISA Acts to Mitigate New Software Vulnerability 

This post is also available in: עברית (Hebrew)

The US Cybersecurity and Infrastructure Security Agency CISA published an open-sourced log4j-scanner to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities. The flaw lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. 

The tool is derived from scanners created by other members of the open-source community by CISA’s Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

The tool enables security teams to scan network hosts for Log4j RCE exposure and spot web application firewall (WAF) bypasses that can allow threat actors to gain code execution within the organization’s environment, according to bleepingcomputer.com.

This is just the latest step taken by CISA to help government and private organizations respond to ongoing attacks abusing these critical security flaws in Apache’s Log4j logging library. The agency was also behind a joint advisory issued by cybersecurity agencies worldwide and US federal agencies with mitigation guidance. The agency is also spearheading a push for urgently patching devices vulnerable to Log4j attacks.

Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.