[ad_1]
The Cybersecurity and Infrastructure Safety Company (CISA) has launched an open supply scanner that companies can use to search out Net providers weak to Log4j distant code execution vulnerabilities CVE-2021-44228 and CVE-2021-45046.
“Log4j-scanner is a undertaking derived from different members of the open-source group by CISA to assist organizations determine doubtlessly weak internet providers affected by log4j vulnerabilities,” CISA officers wrote on GitHub.
The knowledge and code within the repository have been offered “as is,” assembled with assist from the open supply group, and up to date by CISA via a collaboration with the broader safety group, they famous.
Officers famous there are probably extra, nonetheless unknown methods to make use of the Log4j vulnerabilities and that CISA is monitoring a number of platforms to remain updated because the scenario evolves.
In a tweet
posted Dec. 21, Secretary Alejandro Mayorkas reported the Log4j vulnerability may even be included within the scope of the brand new “Hack DHS” bug bounty program introduced Dec. 15. This system will embody further incentives to search out and patch Log4j-related flaws in DHS methods, Mayorkas wrote.
Try the CISA scanner on GitHub. Sustain with the newest cybersecurity threats, newly-discovered vulnerabilities, knowledge breach info, and rising traits. Delivered every day or weekly proper to your e mail inbox.Subscribe
[ad_2]