Update on December 23, 2021
We continue to observe no indicators of compromise in our environment from Log4j. We had previously deployed and continue to enhance countermeasures to provide layers of protection and increased situational awareness through regular monitoring and blocking of suspicious activity.
Update on December 15, 2021
We have investigated the new Log4j denial of service vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104), and have determined that this has little to no impact to FAX.PLUS and its customers.
We will continue to monitor this situation closely.As an extra layer of protection we have activated our WAF rules to also mitigate any potential misconduct. This WAF mitigation has been split across three rules inspecting HTTP headers, body and URL respectively.
December 09, 2021
Alohi IT security and engineering teams received a report of the Log4j vulnerability (CVE-2021-44228) and initiated investigations.