Log4j is one of the many building blocks that are used in the creation of modern software. It is used by many organizations to do a common but vital job. Log4j is used by developers to keep track of what happens in their software applications or online services. It’s basically a huge journal of the activity of a system or application. This activity is called “logging” and it’s used by developers to keep an eye out for problems that affect users.
There are 3 recent exploits in the Java Spring Framework, Spring4Shell, based on Log4j, an open-source logging library commonly used by apps and services across the internet. If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.
This is of course a very serious security threat that requires immediate action to ensure security compliance in IT infrastructures.
Performed threat analysis
We have taken the necessary measures to immediately assess our environment, scanning for any Apache instance utilizing Log4j, and have an ongoing process to mitigate any new risks in our environments. We will remain diligent in following the reports for this threat and any other newly reported security issues.
We will continue our monitoring and surveillance in line with our security governance maintenance to ensure best practice security measures for our IT infrastructure at AddSecure.
You are welcome to contact our Chief Operating Officer, Krister Tånneryd, if you have any questions or concerns.