Addigy and Apache’s Log4J2 CVE-2021-44228 Status
Addigy is aware of a recently disclosed security issue relating to the open-source Apache “Log4j2” utility (CVE-2021-44228). At the time of writing, Addigy does not use this library, and has no plans to use it, to provide its core services.
Additionally, Addigy leverages Cloudflare, which has released a new WAF rule to attempt to block Log4j exploit requests.
Our team has confirmed with our upstream vendors that all usage of any third-party tools leveraging Log4j has been remediated, and we will provide further updates on this page throughout the week.
For additional information, please visit our Addigy Trust Center. If you have additional questions, please contact [email protected].
Thank you for your continued partnership,
Addigy Security Team
December 13 2021 @ 1:00 PM US Eastern Update:
A great compiled list of vendor status is below:
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
Recommended reading for confirming vulnerability remediation:
https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/
Splashtop for RMM:
In response to your concern regarding the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j, in our investigation so far, we confirm that Splashtop is NOT vulnerable to this exploit, given the fact that the three main components of Splashtop servers do not use it to write logs.
To put the matter into perspective, here are the three main components:
Backend system – Java wasn’t used
API servers – Java wasn’t used
Relay servers – this module wasn’t used to write logs
As Splashtop and the industry at large continue to gain a deeper understanding of the impact of this threat, we will update the user with further information as it becomes available.
Splashtop thanks you for your patience and continued support.
Regards,
Splashtop Business Support Team
Monitoring and Alerting Java on macOS Devices:
Addigy has default facts that can help you identify a device's Java Version and Java Vendor:
You can find these facts in the Devices page as `Java Vendor` and `Java Version`:
You can build monitoring items to detect if Java is installed and alert you to take action: