FBI Statement on Log4j Vulnerability
Updated December 22, 2021: The FBI, CISA, NSA, and international partners have released a joint cybersecurity advisory (CSA) to provide mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library.
If you think your organization has been compromised as a result of the Log4j vulnerability, visit fbi.gov/log4j to report to the FBI. Please include as much information as possible to assist the FBI and CISA in determining prioritization for victim outreach.
Due to the potential scale of this incident, the FBI and CISA may be unable to respond to each victim individually, but all information we receive will be useful in countering this threat. As always, we stand ready to assist any impacted entities.