Singular and Log4j
As you may have heard, on Friday, December 10th, the world became aware of a critical vulnerability in Log4j, a widely used logging Java library.
Dubbed “Log4Shell” when exploited successfully, this software flaw allows attackers to take control of vulnerable systems remotely and among others, steal sensitive data.
At Singular, we immediately responded by taking the following measures:
- We mapped all of our services to find out which ones use the vulnerable version of the Log4j library, and within those, mapped any potential paths attackers could exploit.
- We ran scans to detect if anyone has managed to attack our servers. We did not find evidence for any such attacks.
- We patched one internal component that was running a vulnerable version of Log4j to further ensure there’s no way we’ll get attacked in the future. We have also concluded that this component cannot have been accessed from the public web and has not been compromised.
- We continue to monitor our systems as well as public information about the vulnerability and associated attacks. At this point, we are confident in Singular being fully patched against “Log4Shell.”
As a customer, no action is needed on your part.
If you have any questions, please reach out to your Singular Customer Success Manager or email us at email@example.com.