Security Update on Log4j2

Follow

Horizontal_Banner.png

This article covers the following topics:

21st December - Update

We confirm that we have no reason to believe that any of our services are or have been compromised. GAN Integrity does not use Java as part of our own technology stack.

As GAN Integrity uses several cloud-based services, our response so far has included monitoring responses from our key technology vendors to understand to what extent (if any) that the services they operate for us may be affected.

We have now heard back from all vendors and partners and are pleased to note that everyone has assessed potential exposure and are taking necessary preventative and corrective measures.

We have taken a single corrective action patching a third party system with the vulnerable package. The system is not and has never been exposed to the internet and we have confirmed that there is no way to exploit the vulnerability even with access to this system.

We confirm, to the best of our knowledge, that GAN has not been exposed to this vulnerability.

We expect no further communication on this topic, but will of course update you without delay should anything arise.

___________________________________________________________________________________________________________

13th December

You may have seen in the news that there was a recently disclosed security issue relating to the “Log4j2" utility, which could potentially impact companies utilizing Java as part of their technology stack.

The vulnerability is logged as CVE-2021-44228 and is being referred to by the name of the impacted Java library: Log4j2.

We are writing to you to confirm that we have no reason to believe that any of our services are or have been compromised.

GAN Integrity does not use Java as part of our own technology stack.  

As GAN Integrity uses several cloud-based services, our response so far has included monitoring responses from our key technology vendors to understand to what extent (if any) that the services they operate for us may be affected. Amazon Web Services (our hosting provider) and Cloudflare (one of our Content Delivery Networks) run the only internet facing services used for delivering our product and you may review their status here:

https://www2.ganintegrity.com/e/547692/curity-bulletins-AWS-2021-006-/3zs298j/1139650485?h=gsPxzmvyru2ociK5ooDViRMusxERcdEMoYwMZ_oKFhY

https://www2.ganintegrity.com/e/547692/onded-to-log4j2-vulnerability-/3zs298l/1139650485?h=gsPxzmvyru2ociK5ooDViRMusxERcdEMoYwMZ_oKFhY

Again, we have no reason to believe that any of our services are or have been compromised but are taking this seriously and will continue to monitor this.

We will post here further findings (if applicable).

 

 

© 2021 GAN INTEGRITY INC. ALL RIGHTS RESERVED | The information contained in this document is solely for the intended recipient and may not be used, published or redistributed without the prior written consent of GAN INTEGRITY INC. While every care has been taken in preparing this document, GAN INTEGRITY INC. reserves the right to revise its contents without prior notice.

 

Was this article helpful?
0 out of 0 found this helpful