Last updated: 12/17/21
As you may be aware, a security vulnerability was discovered in the Apache Log4j Java logging library on December 9th, 2021. This is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. The US Cybersecurity & Infrastructure Security Agency (CISA) released a statement encouraging users and administrators to review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
Is HawkSoft affected by this issue?
Upon announcement of the vulnerability, HawkSoft has audited our webservices and internal and external networks to identify whether any services are impacted. We have determined that the HawkSoft system, HawkSoft Cloud, and agency data are not impacted by the Log4j vulnerability. We have also verified with our online hosting partners that the systems supporting HawkSoft Online are not impacted by the vulnerability.
Where can I learn more about this issue?
Here are some further resources on the Log4j security issues:
- CSIA Statement on Log4j
- Apache Summary of Log4j Security Vulnerabilities
- CNN: The Log4j security flaw could impact the entire internet. Here’s what you should know.
- Wired: A vulnerability in the Log4j logging framework has security teams scrambling to put in a fix.
HawkSoft prioritizes your data security
We understand the vital importance of security to systems like HawkSoft that house client data. We want to assure you that we are constantly reviewing our internal and external systems to stay up to date with the most current security practices. If you have any further questions on this issue or other security matters, don’t hesitate to contact us.
HawkSoft E-Signature (powered by Formstack Sign) is not impacted by Log4j. Our partners at Formstack provided the following statement:
Formstack has systems and infrastructure that were known to be affected by the Log4j vulnerabilities recently identified. Formstack has addressed all identified issues and remediation steps were taken to update the necessary systems to the most recent version. Formstack is monitoring the situation and is currently in the process of updating any impacted systems to version 2.17.
HawkSoft Text Messaging utilizes Bandwidth, a service provider for communication networks, to send and receive text messages. Bandwidth is and has taken appropriate measures to safeguard against Log4j vulnerabilities. Bandwidth provided the following response:
Bandwidth immediately performed an analysis across our systems and deployed emergency patching for high-risk vulnerable systems on Friday, December 10th. As an additional layer of production Bandwidth deployed WAF (web Application Firewall) rules designed to lock log4j malicious traffic and also enabled additional SIEM (Security Information and Event Management) detection alerts configured specifically for this vulnerability with 24x7 Security Operations Center (SOC) monitoring. Bandwidth is also actively deploying mitigation and remediation efforts to remaining internal systems. Bandwidth continues to monitor this space for any additional updates or new vulnerabilities that may arise.
HawkSoft is also in close contact with all integrated API Partners and is confirming that none of our API Partners are impacted by log4j.