Update: Critical Apache Log4j Vulnerability

To our valued subscribers, 

CyFlare has completed a comprehensive audit of its internal and commercial systems, including our SIEM, advanced endpoint, vulnerability scanning, systems management, and SOAR tools. As a result, it is reasonably established that CyFlare is not impacted by the Apache Log4j vulnerabilities identified as CVE-2021-44228 and CVE-2021-45046.

CyFlare does not leverage any of the related components within its applications.

Furthermore, our upstream vendors have provided CyFlare with written statements of no impact. Therefore, there is no remediation required for any CyFlare services at this time. We further validated these statements by conducting internal vulnerability scans and engineering reviews and established that these systems are not affected. We are continuously monitoring the situation and will publish further updates as needed. If you have any questions or concerns, please do not hesitate to reach out to us at [email protected]