Update: January 11th, 2022
Security Experts found an industry wide vulnerability in a service in Apache software called Log4j on December 10, 2021. Aux/InNetwork is aware of the Log4j vulnerability and executing our internal incident response process review. Here is a link that better describes what this vulnerability is: CVE-2021-44228 — Apache Log4j Vulnerability | Fortinet
The following steps have been taken to ensure that Aux & InNetwork operations are not impacted.
- We are reviewing all our 3rd party platforms as well as our own technology footprint.
- 3rd Party SaaS applications
- As part of our vendor due diligence there have been ten third-party SaaS applications that were found to use Log4J and they have been mitigated. No issues were reported with prior data loss and no other Log4J vulnerability exploits have been identified with any of our other SaaS systems.
- We will continue to monitor our 3rd party SaaS vendors for updates.
- Internal Technology Footprint
- Our 24/7 3rd Party Security Operations Center team has been actively scanning our environment for any signs of this vulnerability.
- Additionally, we are monitoring our software providers’ websites for any announcements regarding log4j vulnerabilities.
- No internal systems were found to be impacted at this time.
- That said, this has been a tricky vulnerability and our 3rd Party Security Operations Center continues to scan and protect our environment on a 24-hour basis, while utilizing the new latest security plugins as they become available to increase the scans effectiveness.
