Apache Log4J Vulnerability

December 11, 2021
US Signal

US Signal is investigating and responding to the Apache Log4J Vulnerability CVE-2021-44228. An overview of the vulnerability can be found here: https://nvd.nist.gov/vuln/deta... 
This vulnerability impacts a Java library widely used for logging purposes and has been found to be very simple to exploit, as demonstrated in published proof-of-concepts. An extensive collection of technologies and vendors utilize Log4J, and US Signal has seen an influx of scanning traffic related to this vulnerability over the previous 24 hours. US Signal has conducted initial security risk assessments. We are in ongoing communication with our partners and vendors to continually evaluate the threats posed by this vulnerability to the services US Signal provides to our customers. 
During our risk assessment, we identified that the Remote Management and Monitoring platform utilized by US Signal has an unpatched Log4J vulnerability. No attempts to exploit the platform were observed in logs, but out of an abundance of caution, US Signal has taken the service offering offline until secure patches are available and tested.  
Additional security controls have been implemented to protect US Signal and our customers. These controls include ensuring enhanced IPS rules are in place, enabling web-application-firewall protection rules, and we are utilizing threat intelligence to enable firewall block-listing. US Signal Managed Firewall customers have had updated IPS signatures pushed to their firewalls to help improve security posture. 
US Signal highly recommends each customer evaluate platforms and services exposed to the Internet to determine risks associated with Log4J.    
If you have any further questions or need technical support, please reach out to the US Signal Technical Operations Center at (888) 663-1700 or by email at [email protected]. If you are interested in exploring options to proactively protect yourself from threats such as this in the future, you can contact the Technical Operations Center and ask to speak with our Security Operations Center team.