FTC to Go After Companies that Ignore Log4j
2022-01-05 19:00

The Federal Trade Commission will muster its legal muscle to pursue companies and vendors that fail to protect consumer data from the risks of the Log4j vulnerabilities, it warned on Tuesday.

"The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future," according to the warning.

"It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action," the FTC urged.

The FTC advised companies to use guidance from the Cybersecurity and Infrastructure Security Agency to check if they're using Apache's Log4j logging library, which is at the heart of the cluster of vulnerabilities known as Log4Shell.

On Dec. 17, CISA issued an emergency directive requiring federal civilian departments and agencies to immediately patch their internet-facing systems for the Log4j vulnerabilities by Thursday, Dec. 23.

One of the most challenging aspects of responding to the Log4j vulnerability is simply identifying the devices in an organization where Log4j is used.


News URL

https://threatpost.com/ftc-pursue-companies-log4j/177368/