Regarding security vulnerabilities in Apache Log4j

Background information

Log4j is one of the many building blocks that are used in the creation of modern software. It is used by many organizations to do a common but vital job. Log4j is used by developers to keep track of what happens in their software applications or online services. It’s basically a huge journal of the activity of a system or application. This activity is called “logging” and it’s used by developers to keep an eye out for problems for users.

Last week, a vulnerability was found in Log4j, an open-source logging library commonly used by apps and services across the internet. If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

This is of course a very serious security threat that needs immediate actions to ensure security compliance for AddSecure’s IT infrastructure

Performed threat analysis

We have taken the necessary measures to immediately assess our environment, scanning for any Apache instance utilizing log4j. We can happily report that we have secured AddSecure’s IT infrastructure from this threat. We will remain diligent in following the reports for this threat and any other new reported security issues.

We will continue our monitoring and surveillance in line with our security governance maintenance to ensure best practice security measures for our IT infrastructure at AddSecure.

You are welcome to contact our Chief Operating Officer, Krister Tånneryd, if you have any questions or concerns.