UK FCA raises flag on Apache Log4j cyber vulnerability

UK regulator Financial Conduct Authority (FCA) announced that it’s been made aware of a remote code execution vulnerability (CVE-2021-44228) that is affecting multiple versions of the Apache Log4j 2 library.

The National Cyber Security Centre (NCSC) is aware that scanning for this vulnerability has been detected in the UK and exploitation detected elsewhere. The NCSC has published guidance for firms to help identify if they may be affected. It will be updated regularly by the NCSC where more information is available.

The FCA recommended that all firms using the Apache Log4j 2 library review the NCSC guidance to ensure the safety of their firm’s systems and that any operational impacts associated with this issue should be escalated via normal supervisory reporting processes.



Related Posts

Previous Post
SteelEye: 2021 compliance year in review
Next Post
Financial Bite: SFDR and the implications for securities finance

Fill out this field
Fill out this field
Please enter a valid email address.


Reset password

Create an account