Cybeats Addresses Widespread ‘Log4j’ Vulnerability

107988_883f829bb469190a_logo

Toronto, Ontario–(Newsfile Corp. – December 17, 2021) – Scryb Inc. (CSE: SCYB) (OTCQB: SCYRF) (OTCQB: RYMDF) (FSE: EIY2) (“Scryb” or the “Company”) provides commentary on the widespread log4j1 vulnerability discovered on December 9th, potentially allowing unauthorized remote access. The United States Cybersecurity and Infrastructure Security Agency issued an alert about the vulnerability, and noted that it is reportedly being actively exploited.2

Log4j is a java library for activity logging, software producers and consumers are currently spending significant resources to identify where this library exists in software or deployed systems. Some enterprises with advanced software inventory systems are reporting success mitigating this vulnerability, whereas several organizations are set to spend extensive resources over the coming months to fully address this issue. Having managed one’s Software Bill of Materials (SBOM), these products that carry the vulnerabilities would be far easier to identify and mitigate. Well-managed CI/CD pipelines including attestations such as SBOM are currently providing value and certainty to recovery plans.

“This is the type of vulnerability that was leveraged in the Equifax breach in 2017 and it will take a while until it stabilizes and all the impacted software is patched,” said Dmitry Raidman, co-founder and CTO, Cybeats. “Any java code based products are potentially to be affected, it might take months until the patches are to be delivered to active environments, and some companies that are vulnerable to this exploit at the moment are unaware. To manage this type of risk better in the future, companies may look at SBOM and VEX CSAF as means of obtaining transparency and knowing their software better.”

This vulnerability serves as an important indicator of changes underway in supply chain infrastructure. The transparency implicit in software inventory systems and specifically, SBOM are necessary to ensure stability in software supply chains long term. Multiple Cybeats executives and advisors including CTO & co-founder, Dmitry Raidman, were participants in the U.S. Department of Commerce SBOM working groups which resulted in the SBOM standard adopted by the U.S. federal government. The Company has developed the SBOM Studio™ product to accomplish in seconds what takes weeks. SBOM Studio™ provides management of SBOM’s from design to operation including orchestration with access management for sharing, AI/ML vulnerability and risk analysis and security posture ranking for supply chain organizations and software components.

Forward-looking enterprises may take this as an opportunity to adopt processes represented by Software Bill of Materials to mitigate future costly incidents like log4j and gain the other economic benefits and a better software asset inventory control,” said Chris Blask, VP Strategy.

Subsequent Developments

Univeiled subsequent to the log4j revelations on December 9, Log4j is now experiencing a second vulnerability already that has been weaponized and a new patch version 2.16.0.3

CNBC recently interviewed CISA Director, Jen Easterly, who said log4j is “the most serious vulnerability she’s seen in her decade-long career”.4 The log4j vulnerability has been conveyed using the analogy: how many rooms in all Quebec government buildings use 60-watt light bulbs? The answer is likely to physically walk to each room and see if each bulb is 60-watt.5

Detecting the vulnerability in a website is a short process, but without an up-to-date inventory list, verifying whether all of the components affected could take several months. Some regions such as Quebec have reacted by shutting down nearly 4,000 websites as a preventative measure, until the gravity of the situation is assessed.6

Log4j is used in thousands of applications, and Authomize has graciously compiled a robust and lengthy list of entities affected by this vulnerability which includes the likes of Amazon, Apache and Microsoft.7

About Cybeats

Cybeats is holistic software supply chain security that builds certainty through visibility, comprehensive protection and proactive response, from launch to legacy. Cybeats. Software made certain.

Website: https://cybeats.com

About Scryb

Scryb is a platform that powers businesses and technologies with applied intelligence, real-time analytics, and actionable insights. The platform boasts proven adaptability across diverse markets, from digital health and diagnostics to cybersecurity and manufacturing. The cloud-based platform is composed of crucial elements including sensor technology, IoT, predictive analytics, and computer vision.

For more information, or to ‘SubScryb’ to the Company’s mail list, visit: https://www.scryb.ai.

Contact:
W. Clark Kent
President
Office. 647-872-9982
TF. 1-844-247-6633
Email: info@scryb.ai

Forward-looking Information Cautionary Statement

Except for statements of historic fact, this news release contains certain “forward-looking information” within the meaning of applicable securities law. Forward-looking information is frequently characterized by words such as “plan”, “expect”, “project”, “intend”, “believe”, “anticipate”, “estimate” and other similar words, or statements that certain events or conditions “may” or “will” occur. Forward-looking statements are based on the opinions and estimates at the date the statements are made, and are subject to a variety of risks and uncertainties and other factors that could cause actual events or results to differ materially from those anticipated in the forward-looking statements including, but not limited to delays or uncertainties with regulatory approvals, including that of the CSE. There are uncertainties inherent in forward-looking information, including factors beyond the Company’s control. There are no assurances that the commercialization plans for the technology described in this news release will come into effect on the terms or time frame described herein. The Company undertakes no obligation to update forward-looking information if circumstances or management’s estimates or opinions should change except as required by law. The reader is cautioned not to place undue reliance on forward-looking statements. Additional information identifying risks and uncertainties that could affect financial results is contained in the Company’s filings with Canadian securities regulators, which filings are available at www.sedar.com.

____________________

1 https://en.wikipedia.org/wiki/Log4j

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce

3 https://thehackernews.com/2021/12/hackers-begin-exploiting-second-log4j.html?m=1

https://www.cnbc.com/video/2021/12/16/log4j-vulnerability-the-most-serious-ive-seen-in-my-decades-long-career-says-cisa-director.html

5 https://www.cbc.ca/news/canada/montreal/quebec-cybersecurity-threat-government-website-1.6283133

https://montreal.ctvnews.ca/quebec-shuts-down-3-992-websites-as-preventative-measure-after-security-flaw-discovered-1.5704258

7 https://github.com/authomize/log4j-log4shell-affected/blob/main/affected_components.md

To view the source version of this press release, please visit https://www.newsfilecorp.com/release/107988