Heimdal
article featured image

Contents:

Copenhagen, December 13th, 2021 – In regards to the recently discovered CVE-2021-44228 (i.e., log4j or Log4Shell vulnerability) Heimdal™ executives have issued the following statement:

Heimdal™ Security has acknowledged the existence and inherent criticality associated with the use of the log4j logging framework. Consequentially, we would reassure our customers and business customers who are using Heimdal™ web-based services that the log4j vulnerability does not impact the quality of our service nor the data integrity, or the client’s privacy.

Heimdal™’s web-facing services are PHP-reliant, meaning that the exploit cannot be used against our userbase. Furthermore, since Log4Shell is endemic to the Java programming language and with no discernable connection between the two languages in terms of syntax, it’s highly unlikely for the exploit to be leveraged in compromising PHP-based web services.”

Trailing the Log4Shell Thread

We remind our customers and business customers that the log4j vulnerability is regarded as one of the most critical design flaws discovered in the last decade. Discovered on Friday and earmarked CVE-2021-44228e, log4j or log4Shell can enable threat actors to run arbitrary (and malicious code) on vulnerable, Apache-curated web servers for the purpose of exfiltrating sensitive data.

Preliminary telemetry has revealed that the zero-day flaw affects LDAP servers running Apache version 2.14.1 or below. Remediation is available in the form of a hotfix. In addition, we strongly recommend you update to the latest log4j version.

Heimdal™ client security and privacy are preserved. In addition, our company has begun monitoring the issue in order to identify compromised infrastructures, determine threat groups, and seek solutions that could aid compromised hosts, clients, or networks.

Author Profile

Vladimir Unterfingher

Senior PR & Communications Officer

Experienced blogger with a strong focus on technology, currently advancing towards a career in IT Security Analysis. I possess a keen interest in exploring and understanding the intricacies of malware, Advanced Persistent Threats (APTs), and various cybersecurity challenges. My dedication to continuous learning fuels my passion for delving into the complexities of the cyber world.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE