Logo Alohi

Alohi statement on the Log4j vulnerability

1 min read

Update on December 23, 2021

We have not observed any indicators of compromise in our environment from Log4j. We previously deployed countermeasures, and we are continually enhancing them to provide layers of protection and increased situational awareness. We regularly monitor and block suspicious activity to ensure the security of our systems.

Update on December 15, 2021

We have investigated the new Log4j denial of service vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104), and have determined that this has little to no impact to FAX.PLUS and its customers.

We will continue to monitor this situation closely. As an extra layer of protection, we have activated our WAF rules to also mitigate any potential misconduct. This WAF mitigation has been split across three rules inspecting HTTP headers, body and URL respectively.

December 09, 2021

Alohi IT security and engineering teams received a report of the Log4j vulnerability (CVE-2021-44228) and initiated investigations.