Happening now-@CISAgov update on #Log4j shell: "This really is the most serious vulnerability I've seen in my career" per Director @CISAJen

Likely present in hundreds of millions of products worldwide, & exploiting vulnerability "trivial" she adds
"We have seen widespread exploitation" by criminal actors & seen some reports of more significant activity, per @CISAJen

But @CISAgov cannot independently confirm some reported use/exploitation by foreign adversaries
.@CISAgov continues to push for remediation and strengthening security protocols as it leads US response, per @CISAJen

CISA's webpage with guidance has already gotten 330,000 page views since it was stood up almost a month ago

Another tool downloaded @ 4,000 times
"We at this point are not seeing any confirmed compromises of federal agencies...including critical infrastructure" per @CISAgov's Eric Goldstein "We are not at this point seeing destructive attacks...it is certainly possible that that may change"
Officials are seeing lots of scanning, adds @CISAgov's Eric Goldstein

re #Log4j #Log4shell
CISA in touch with many vendors, especially those connected to critical infrastructure & for the most part they have been responsive, per @CISAgov's Goldstein
"We have no confirmed #ransomware intrusions where we can authoritatively state that #Log4shell was used" per @CISAgov's Goldstein
More on #Log4j-#ransomware: "We don't have incident reporting legislation that would help us get better visibility of that" per @CISAJen

Says also possible there could be some lag
.@CISAgov keeping a very close eye on hospitals in regards to concerns about #ransomware attacks, per @CISAJen
"We are concerned that threat actors are going to start taking advantage of this vulnerability & having impacts in particular on critical infrastructure, & because there is no legislation in place, we will likely not know about it" per @CISAJen
"It's important that such legislation is passed to ensure that CISA & our partners receive timely information about successful exploitation, in particular of critical infrastructure networks, as soon as possible after they are discovered" per @CISAJen

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Jeff Seldin

Jeff Seldin Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @jseldin

11 Jan
Waring from @SenatorDurbin to open Senate Judiciary Committee hearing on "The Domestic Terrorism Threat One Year After January 6"

"Whether boosters of of the 'Big Lie' know it or not, they are playing with fire..."
"...By supporting the false narrative that the 2020 election was somehow stolen or rigged, they have rationalized the worst assault on our Capitol since the War of 1812" per @SenatorDurbin "And, in turn, they are normalizing the use of violence to achieve political goals..."
"Congress, this is how democracies die"per @SenatorDurbin
Read 28 tweets
11 Jan
ICYMI: @INDOPACOM on latest #DPRK missile launch:

"We are aware of the ballistic missile launch & are consulting closely with our allies & partners" per statement "We have assessed that this event does not pose an immediate threat to US personnel or territory, or to our allies"
More: "The missile launch highlights the destabilizing impact of the #DPRK’s illicit weapons program" per @INDOPACOM "The US commitment to the defense of the Republic of #Korea & #Japan remains ironclad"
US @StateDept on #NorthKorea missile launch

"The United States condemns the #DPRK’s ballistic missile launch. This launch is in violation of multiple @UN Security Council Resolutions & poses a threat to the DPRK’s neighbors and the international community"
Read 6 tweets
10 Jan
NEW: "We've seen no major changes to the force posture by the #Russia|ns" around #Ukraine, per @PentagonPresSec

"We have not seen any decreases. They continue to have a sizable force posture..." he says
#GITMO / #GuantanamoBay - "We continue to be committed to closing that facility" per @PentagonPresSec

"We continue to look & have looked for ways...to transfer, relocate detainees"

Says 13 of the remaining detainees are eligible for transfer, 14 up for review board
US-#Ukraine-#Russia: "We have & we will continue to provide security assistance to Ukraine as appropriate going forward" per @PentagonPresSec

Nothing specific on what that assistance will look like going foward
Read 4 tweets
16 Dec 21
just in: Ex-defense contractor arrested, charged w/trying to pass info to #Russia

Per @TheJusticeDept, 63yo John Murray Rowe attempted to pass along SECRET info on electronic countermeasure systems used by fighter jets...
...@TheJusticeDept also says Rowe told an undercover @FBI agent, “If I can’t get a job here then I’ll go work for the other team” & separately asked abt getting security clearance from the #Russia|n gvt
More: Rowe was fired as a US defense contractor, "After committing a number of security violations and revealing a fervent interest in #Russia|n affairs" per @TheJusticeDept
Read 4 tweets
16 Dec 21
"Terrorist groups remained a persistent & pervasive threat worldwide" per new @StateDept report

"Although #ISIS lost all the territory it had seized in #Iraq & #Syria, the organization & its branches continued to mount a worldwide terrorism campaign..."
"#ISIS affiliates outside #Iraq & #Syria caused more fatalities during 2020 than in any previous year" per new @StateDept CT report

"Deaths attributable to ISIS-affiliated attacks in West #Africa alone almost doubled from around 2,700 in 2017 to nearly 5,000 in 2020"
#alQaida's "networks continued to exploit undergoverned spaces, conflict zones, and security gaps in the #MiddleEast to acquire terrorist resources & conduct terrorist attacks" per new @StateDept CT report
Read 4 tweets
15 Dec 21
"We continue to make progress but we still have a ways to go" on countering domestic terrorism, John Cohen, in @DHSgov's Office of Intelligence and Analysis (I&A), tells @gwupoe & @NCITE_COE
"In some respects, the threat is more volatile than it was in June" per @DHSgov's Cohen, citing the consumption of online content placed by foreign intelligence services as well as terrorist and extremist groups
Narratives being placed online by these foreign intelligence services, other threat actors are "rapidly finding their way into the mainstream media ecosystem" per @DHSgov's Cohen
Read 20 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(