Apache Software Security Advisory (Notified's status update is in comments)


Comments

2 comments
  • Apache Software Security Advisory:

    Notified has been actively tracking the Apache Software security advisory to address a remote code execution vulnerability, known as Log4Shell (CVE-2021-44228), affecting Log4j versions 2.0-beta9 to 2.14.1. Following the recommendations from the Cybersecurity & Infrastructure Security Agency (CISA), Notified has taken the following actions:

    1. Our vulnerability scanning program operates on a 24-hour cycle across our entire perimeter. No external instances of Log4Shell have been enumerated.

    2. The Notified SOC has elevated the priority to any Apache-related system regardless of the presence of Log4Shell.

    3. The perimeter WAF has been updated to actively block the Log4Shell vulnerability following the guidance of the manufacturer.

    4. We are actively monitoring threat feeds and information provided by software manufacturers to validate our on-premises and cloud-based software is updated if appropriate.

    At this time Notified is not aware of any compromise or exploits of this vulnerability being applied to our applications, products, or infrastructure. Should there be any changes we will update our partners and customers as appropriate.

    CISA Statement https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability

  • Apache Software Security Advisory:
    Notified has been actively tracking the Apache Software security advisory to address a remote code execution vulnerability, known as Log4Shell (CVE-2021-44228), affecting Log4j versions 2.0-beta9 to 2.14.1. Following the recommendations from the Cybersecurity & Infrastructure Security Agency (CISA), Notified has taken the following actions:
    1. Our vulnerability scanning program operates on a 24-hour cycle across our entire perimeter. No external instances of Log4Shell have been enumerated.
    2. The Notified SOC has elevated the priority to any Apache-related system regardless of the presence of Log4Shell.
    3. The perimeter WAF has been updated to actively block the Log4Shell vulnerability following the guidance of the manufacturer.
    4. We are actively monitoring threat feeds and information provided by software manufacturers to validate our on-premises and cloud-based software is updated if appropriate.
    Product Specific Updates
    1. MMC has been confirmed no impact
    2. Notified PR Cloud Listen is not impacted
    3. WebHosting – Remediated
    4. Globe News Wire – Remediated
    5. Studio – No impact confirmed
    6. Hubb – No impact confirmed
    7. Investor Relation – Remediated
    8. Press Release – No impact confirmed
    All remediations include updating the Apache version to V2.17.1.
    Vendor Updates
    1. Acquia – Remediated
    2. Tableau – Remediated
    3. SolarWinds – Remediated
    4. AWS – Remediated
    At this time Notified is not aware of any compromise or exploits of this vulnerability being applied to our applications, products, or infrastructure. Should there be any changes we will update our partners and customers as appropriate.

    CISA Statement https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
