Security Update: Apache log4j

On 9^th December 2021 it was confirmed that there are critical vulnerabilities in the Apache log4j product.

Log4shell is a critical vulnerability in the widely used logging tool Log4j, which is used by millions of computers worldwide running online services. A wide range of people, including organisations, governments and individuals are likely to be affected by it.

These vulnerabilities allow an attacker to remotely exploit arbitrary code on a vulnerable server. The attack is trivial to exploit and works without the need for any authentication. It is currently being actively exploited.

We are following the NCSC guidance as well as Cloudflare's mitigation protection recommendation.

Forfront response:

1. Protection and mitigation at firewall level

2. Since the discovery we have carried out a full internal review of the infrastructure and all products and services that could be at harm.

We can confirm that Forfront does not use Log4j currently nor has in the past.

We would like to reassure all our customers that our operation and security teams have responded quickly to protect our network and infrastructure against this vulnerability.

As a company we have made a significant investment in our security credentials in 2021, achieving both the ISO27001:2013 and Cyber Essentials Plus certification.

We are committed to a strict and rigid regime of processes, procedures and have the resources required to ensure that the e-shot platform and the Forfront business as a whole, are protected to the highest standard.

If you have any questions, please contact our Customer Success team.