FTC Warns Companies to Remediate Log4j Security Vulnerability | Mintz – Privacy


Before the holidays, we warned of a critical vulnerability in a widely-used Java logging utility that could affect tens of thousands of companies.   Since that original alert, multiple US and foreign government cybersecurity agencies published a joint advisory and guidance for affected organizations recommending that patches or workarounds be applied immediately to mitigate the vulnerabilities and exposure.   The US Cybersecurity and Infrastructure Security Agency also ordered US federal civilian executive branch agencies to patch within days of the order. 

The Federal Trade Commission has now issued a release warning all companies utilizing the Java-based Log4j to identify and remedy the reported vulnerabilities.  The FTC warns that companies are obligated to “take reasonable steps to mitigate known software vulnerabililties” under various laws, including the FTC Act and the Gramm-Leach-Bliley Act, and that the Commission “intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure.”

If your company has not analyzed its exposure to Log4j, it is time to do so and to deploy patches or workarounds if patches are not possible.  Apache has created a full site with patches and more information.   Breaches resulting from a failure to address this critical vulnerability can exposure your company to regulatory actions in addition to potential litigation.

[View source.]



Read More: FTC Warns Companies to Remediate Log4j Security Vulnerability | Mintz – Privacy

Leave a comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Live News

Get more stuff like this
in your inbox

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.