At a glance.
- Five Eyes and allies respond to Log4j vulnerabilities.
- CISA director says new advisory committee will be less bark, more bite.
- US considers sanctions to defend Ukraine against Russian invasion.
Five Eyes and allies respond to Log4j vulnerabilities.
The flaws discovered in the Apache Log4j open source logging library have security developers across the globe racing to find a fix while hackers rush to develop exploits. The Five Eyes and their allies have issued warnings advising the IT community to be vigilant. Janet Easterly, director of the US Cybersecurity and Infrastructure Security Agency, stated, “CISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the log4j software library...End users will be reliant on their vendors, and the vendor community must immediately identify, mitigate, and patch the wide array of products using this software.” Likewise, the UK’s National Cyber Security Centre released an alert urging vendors to follow “best practice advice in the mitigation of vulnerabilities,” and the Australian Cyber Security Centre has advised all “Australian organizations who utilize Apache Log4j2 versions prior to 2.15.0 should review their patch level and update.” The Canadian Centre for Cyber Security, New Zealand’s CERT NZ, Germany’s Federal Office for Information Security, and France’s CERT-FR have all published similar warnings.
CISA director says new advisory committee will be less bark, more bite.
The Record by Recorded Future reports that the Cybersecurity and Infrastructure Security Agency’s newly established Cybersecurity Advisory Committee gathered for the first time on Friday. CISA director Jen Easterly warned against the committee becoming just a “talking club” drafting wordy white papers, instead urging the group to develop concise, actionable proposals. “At the end of the day, this is really about implementing those things that will help CISA truly be the nation’s cyber defense agency, that is what the American people need, and that is what the American people deserve,” Easterly said. The Hill notes that during the nearly three-hour meeting, the discussion focused on the importance of the collaboration between public and private sectors, mitigating the spread of disinformation, and garnering the trust of the altruistic hacker community.
US considers sanctions to defend Ukraine against Russian invasion.
As Western concerns about the possible Russian invasion of Ukraine mount, Foreign Policy discusses the possible strategies that the US and its allies might employ to deter Russian aggression. Senator Bob Menendez, chairperson of the US Senate Foreign Relations Committee, issued a warning at a congressional hearing last week: “I want to be crystal clear to those listening to this hearing in Moscow, Kyiv, and other capitals around the world: A Russian invasion will trigger devastating economic sanctions, the likes of which we have never seen before.” As US President Joe Biden has signaled there will be no US military deployment, officials have been highlighting other means of deterring Russian aggression, including sanctions and possibly expelling Russia from the Society for Worldwide Interbank Financial Telecommunication. Western officials must tread carefully, however, and consider how punitive actions against the Kremlin could impact the world economy. Former US Treasury Department official Brian O’Toole says the West could target Russian banks like development bank VEB to damage Russia’s top government officials before hitting commercial banks that serve the larger population.