FreeAgent’s response to zero-day vulnerabilities in Log4j
Richard Grey
Director of Information Security
Since the announcement of zero-day vulnerabilities (CVE-2021-44228 and CVE-2021-45046) in Log4j - the open-source Apache Java library - and the subsequently published exploits, we have been monitoring the situation carefully here at FreeAgent.
Our software is not Java-based and is therefore not vulnerable to these risks.
However, we have noticed an increased level of malicious traffic directed at our systems since the publication of the exploits. Our existing automated protection systems are blocking these requests successfully.
We have either patched or implemented the necessary mitigations for the relevant systems we use internally, as advised by the UK's National Cyber Security Centre (NCSC). In addition, we have conducted an audit of the key SaaS providers and sub-processors we use at FreeAgent to monitor their exposure status and to push for their remedial action where required.