First Rate Responds to CVE-2021-44228 (Log4j)
First Rate is aware of the recently announced compromise of the log4j logging utility and its subsequent use by malicious actors attacking systems throughout the world. The Information Security team at First Rate has been closely following the developments in this rapidly evolving situation since the initial announcement by the CISA on Friday 12/10/2021.
However, the Information Security team at First Rate wants to reassure you, our valuable clients, of several facts which we hope will assure you we are actively securing the data you’ve entrusted to us.
- We have scanned our environments using industry standard vulnerability scanners with rule sets specifically designed to target the log4j vulnerabilities and found that no systems have been affected.
- We have also engaged in manual checks of our entire internet-facing infrastructure to confirm the results of the vulnerability scans were accurate and found that no systems have been affected.
- We have made changes to our security permitter based upon recommendations from our security technology partners in response to these events.
Please be assured, we will continue to closely monitor this rapidly evolving situation, and as new information and recommendations are made by the Cyber Security & Infrastructure Security Agency (CISA), our vendors, and the security community at large, we will respond as necessary to ensure the continued security of your data.
Should there be any questions or concerns, please do not hesitate to reach out to the First Rate Information Security & Compliance team via [email protected].
Jay Anthony, CCO
Brian Moffitt, Information Security Manager