At Cambrex, we strive to ensure that our digital information is secure from ever-increasing cyber threats. We continually monitor for vulnerabilities and take actions to remediate cyber risks. Recently, Apache released a Security Advisory (CVE-2021-44228) highlighting a critical remote code execution vulnerability in Log4j, a widely deployed Java-based logging utility.
To date, there have been no Indicators of Compromise (IOC) on Cambrex systems. The Cambrex Cybersecurity/Information Technology Teams have formed a Log4j2 Task Force, focused on detecting and remediating vulnerabilities and developing enhanced countermeasures to prevent exploitation. We are working with our software vendors to provide fixes and implementing manual fixes as required.
Cambrex has multiple technologies in place including Security Information Event Management (SIEM), vulnerability management, endpoint detection and response, Intrusion Detection/Prevention, next-generation firewalls, and endpoint management systems that form the foundation of its security infrastructure and enable detection, prevention, and remediation of vulnerabilities. The Cybersecurity/Information Technology Teams will be monitoring the environment continually and implementing additional remediation actions as needed.
If you have any further questions about the Cambrex response to the Log4j2 vulnerability, please send inquiries to firstname.lastname@example.org.
Richard Monforti, MSIS, CISSP
Head of Cybersecurity