Incident Response

CVE-2021-44228
Follow our response to this incident here.

Background
Attackers have started to exploit a vulnerability that affects a Java logging package. Log4j is used in a variety of software applications, and by a variety of software developers and manufacturers. Some of those include Apple, Twitter, Steam, Tesla, Apache, and the Minecraft video game.

What we have discovered so far:

  1. Approximately 75% of our vendors/partners have responded to our requests about their solutions vulnerability to the Log4j issue. All have responded with positive news, that this issue had either been dealt with (using a patch that was deployed within the past 24 hours) or a patch will be deployed in the near future.
  2. Some of our partners/vendors have responded that Log4j is not an issue for them.

Our next steps:

  1. CSC will continue to perform analysis of applications and continue to monitor this vulnerability.
  2. When any additional patches or updates are made available to us, we will update this site with the latest information and action taken.

What you should do:

  1. We offer a managed service solution called RemoteView Security (Cylance) that can help with your protection strategy.
  2. For additional information, please click the link: CISA.gov.

 

Customized Service Concepts is actively monitoring this vulnerability, and will provide updates through this page regularly.

Please reach out with any questions or concerns at info@cscatm.com.

Thank you for your continued support.