Log4Shell: All safe while you are on holiday.
A new online vulnerability called Log4Shell was detected on the 13th of December 2021, causing havoc globally.
In short, it is a vulnerability in the Log4j library in Java-based environments that hackers can utilize to get access to networks and servers.
More detail can be obtained from various security providers, but for your information we have added a Sophos link as we utilize their products for our security needs.
A message from our security manager:
“After a comprehensive investigation of all locations or devices where this could be used, I can confirm that we do not have any possible areas where this can be an issue.
We performed a full investigation into our software at the development level and the identified library that causes this vulnerability is not being utilized by any of our products.
Infrastructure-wise we use VMware, which was identified as a possible risk, but not on our side as we don’t expose our VMware management to the public-facing IPs. Furthermore, VMware has already patched and updated our VMware instance on 13/12/21.
Sophos has already released and updated their in- and outbound traffic scanning signatures to block any Log4Shell-like traffic in our environment.
No other possible vulnerability was detected on the 14th of December 2021.
Please note that AJS keeps a rigid policy on our security infrastructure, and updates and definitions are applied as soon as possible.”
No action is required from you, except to rest assured that you are safe in our hands.