Contents:
Copenhagen, December 13th, 2021 – In regards to the recently discovered CVE-2021-44228 (i.e., log4j or Log4Shell vulnerability) Heimdal™ executives have issued the following statement:
“Heimdal™ Security has acknowledged the existence and inherent criticality associated with the use of the log4j logging framework. Consequentially, we would reassure our customers and business customers who are using Heimdal™ web-based services that the log4j vulnerability does not impact the quality of our service nor the data integrity, or the client’s privacy.
Heimdal™’s web-facing services are PHP-reliant, meaning that the exploit cannot be used against our userbase. Furthermore, since Log4Shell is endemic to the Java programming language and with no discernable connection between the two languages in terms of syntax, it’s highly unlikely for the exploit to be leveraged in compromising PHP-based web services.”
Trailing the Log4Shell Thread
We remind our customers and business customers that the log4j vulnerability is regarded as one of the most critical design flaws discovered in the last decade. Discovered on Friday and earmarked CVE-2021-44228e, log4j or log4Shell can enable threat actors to run arbitrary (and malicious code) on vulnerable, Apache-curated web servers for the purpose of exfiltrating sensitive data.
Preliminary telemetry has revealed that the zero-day flaw affects LDAP servers running Apache version 2.14.1 or below. Remediation is available in the form of a hotfix. In addition, we strongly recommend you update to the latest log4j version.
Heimdal™ client security and privacy are preserved. In addition, our company has begun monitoring the issue in order to identify compromised infrastructures, determine threat groups, and seek solutions that could aid compromised hosts, clients, or networks.