A newly uncovered computer vulnerability is setting off alarm bells throughout the business world, as a flood of cybercriminals rushes to exploit it.
The vulnerability was found in a Java software utility called Log4j. The open-source code is used extensively by commercial software developers and powers everything from webcams to industrial control systems.
Simply put, the code is used to log user activity. However, attackers can exploit the vulnerability to take over critical systems without a password or to inject malware directly onto infiltrated computers. Already close to half of corporate networks have experienced an attempted attack using this exploit, making efforts to address the vulnerability a top priority for companies around the world.
At Storable, we take any security threat seriously and take all actions necessary to keep our clients safe. In the spirit of transparency, this post summarizes the results of our investigation to date and recommended steps for customers.
Immediate response
On Friday, December 10, 2021, the Storable cyber security team became aware of a critical vulnerability in the Apache Log4j2 Java library (CVE-2021-44228). We immediately initiated our incident response process to determine our usage of this library and its impact across Storable, our products and our infrastructure.
Facility management software
Storable’s family of facility management software products includes Sitelink, storEDGE and Easy Storage Solutions. None of these FMS solutions are written in Java, nor do they utilize the affected Log4j2 Java library. We identified one (1) third-party tool used internally in support of our FMS software that was affected by the Log4j2 vulnerability. The vulnerability has been addressed.
Marketplace
We identified two (2) third-party software products used internally in support of the marketplace website that were affected by the Log4j2 vulnerability. The vulnerability has been addressed in both of these products.
Websites
None of Storable’s website products are impacted by the Log4j2 vulnerability.
Insurance
None of Storable’s insurance products are impacted by the Log4j2 vulnerability.
Payments
None of Storable’s payment processing products are impacted by the Log4j2 vulnerability.
All hands on deck
Storable’s cyber security team continues to investigate our exposure to this vulnerability, and we will provide further updates if any new risk to our users or our products is identified. We also monitor our IT environment 24x7x365 for threat activity so that we can respond quickly to any identified malicious activity. At this time, we are not aware of any vulnerabilities in our IT environment related to CVE-2021-44228. Storable customers should feel confident using our products knowing that we are taking appropriate measures to address this widespread vulnerability.
https://www.storable.com/resources/learn/operators-guide-to-cybersecurity/