Cisa Federal Agencies Must Immediately Mitigate Log4J Vulnerabilities
CISA previously said federal civilian agencies would have until December 24 to address the issue, but it noted that the latest directive “is in response to the active exploitation by multiple threat actors of vulnerabilities found in the widely used Java-based logging package Log4j.” CISA Director Jen Easterly said they are urging organizations of all sizes to also assess their network security and adapt the mitigation measures outlined in the emergency directive....