NEW: #Log4j vulnerability "extremely concerning" per @CISAgov Exec Asst Director for Cybersecurity Eric Goldstein

Log4j library "widely used in a variety of devices & products, both consumer & enterprise, across sectors & across functions" he says
#Log4j vulnerability "extremely easy to exploit & new ways to exploit it are being reported continuously over the last several days" per @CISAgov's Goldstein

"Exploiting this vulnerability gives an adversary potentially deep access into a target"
"We have seen a wide range of threat activity" due to #Log4j, per @CISAgov's Goldstein

"It has largely been low level activity such as crypto miners. But we do expect that adversaries of all sorts will utilize this vulnerability to achieve their strategic goals"
"We are seeing broad reports now of some other actors potentially using this vulnerability for other types of attacks. But those as yet are unconfirmed" per @CISAgov's Goldstein
"We have no confirmed instances of federal agencies that have been compromised" per @CISAgov's Goldstein re #Log4j

"These are products that are used by every major organization around the world...likely the case that federal agencies are indeed utilizing some of these products"
"At this point we are not able to attribute any activity related to this vulnerability to specific actors" per @CISAgov's Goldstein re #Log4j
"We are not seeing widespread highly sophisticated damaging intrusion campaigns" per @CISAgov's Goldstein re #Log4j

"Certainly we are deeply concerned abt the prospect of adversaries using this vulnerability to cause real harm & even impacting national critical functions"
"Critical infrastructure organizations are taking urgent mitigation steps, including patching products where available...& thus far hve been able to do so w/out material impacts to their critical functions or services" per @CISAgov's Goldstein re #Log4j
"At this point we are not seeing any impact on national critical functions" per @CISAgov's Goldstein
Overall, "our estimate is that certainly hundreds of millions of devices are likely impacted" by #Log4j, per @CISAgov's Goldstein

"That number will change as more vulnerable products are possibly identified"
