December 17, 2021
TORONTO, December 17, 2021 – Scryb Inc. (“Scryb'' or the “Company”)(CSE: SCYB, OTCQB: SCYRF RYMDF, Frankfurt: EIY2) provides commentary on the widespread log4j1vulnerability discovered on December 9th, potentially allowing unauthorized remote access. The United States Cybersecurity and Infrastructure Security Agency issued an alert about the vulnerability, and noted that it is reportedly being actively exploited.2
Log4j is a java library for activity logging, software producers and consumers are currently spending significant resources to identify where this library exists in software or deployed systems. Some enterprises with advanced software inventory systems are reporting success mitigating this vulnerability, whereas several organizations are set to spend extensive resources over the coming months to fully address this issue. Having managed one’s Software Bill of Materials (SBOM), these products that carry the vulnerabilities would be far easier to identify and mitigate. Well-managed CI/CD pipelines including attestations such as SBOM are currently providing value and certainty to recovery plans.
"This is the type of vulnerability that was leveraged in the Equifax breach in 2017, and it will take a while until it stabilises and all the impacted software is patched," said Dmitry Raidman, co-founder and CTO at Cybeats. "Any Java code-based products are potentially affected; it might take months until the patches are delivered to active environments, and some companies that are vulnerable to this exploit at the moment are unaware." To manage this type of risk better in the future, companies may look at SBOM and VEX CSAF as means of obtaining transparency and knowing their software better.
This vulnerability serves as an important indicator of changes underway in supply chain infrastructure. The transparency implicit in software inventory systems and specifically, SBOM are necessary to ensure stability in software supply chains long-term. Multiple Cybeats executives and advisors including CTO & co-founder, Dmitry Raidman, were participants in the U.S. Department of Commerce SBOM working groups which resulted in the SBOM standard adopted by the U.S. federal government. The Company has developed the SBOM Studio™ product to accomplish in seconds what takes weeks. SBOM Studio™ provides management of SBOM’s from design to operation including orchestration with access management for sharing, AI/ML vulnerability and risk analysis and security posture ranking for supply chain organizations and software components.
“Forward-looking enterprises may take this as an opportunity to adopt processes represented by Software Bill of Materials to mitigate future costly incidents like log4j and gain the other economic benefits and a better software asset inventory control”, said Chris Blask, VP Strategy.
Univeiled subsequent to the log4j revelations on December 9, Log4j is now experiencing a second vulnerability already that has been weaponized and a new patch version188.8.131.52
CNBC recently interviewed CISA Director, Jen Easterly, who said log4j is “the most serious vulnerability she’s seen in her decade-long career”.4 The log4j vulnerability has been conveyed using the analogy :how many rooms in all Quebec government buildings use 60-watt light bulbs? The answer is likely to physically walk to each room and see if each bulb is 60-watt.5
Detecting the vulnerability in a website is a short process, but without an up-to-date inventory list, verifying whether all of the components affected could take several months. Some regions such as Quebec have reacted by shutting down nearly 4,000websites as a preventative measure, until the gravity of the situation is assessed.6
Log4j is used in thousands of applications, and Authomize has graciously compiled a robust and lengthy list of entities affected by this vulnerability which includes the likes of Amazon, Apache and Microsoft.7
Cybeats is holistic software supply chain security that builds certainty through visibility, comprehensive protection and proactive response, from launch to legacy. Cybeats. Software made certain.
Scryb is a platform that powers businesses and technologies with applied intelligence, real-time analytics, and actionable insights. The platform boasts proven adaptability across diverse markets, from digital health and diagnostics to cybersecurity and manufacturing. The cloud-based platform is composed of crucial elements including sensor technology, IoT, predictive analytics, and computer vision.
For more information, or to ‘Sub Scryb’ to the Company’s mail list, visit: https://www.scryb.ai
W. Clark Kent President
Forward-looking Information Cautionary Statement
Except for statements of historic fact, this news release contains certain "forward-looking information" within the meaning of applicable securities law. Forward-looking information is frequently characterised by words such as "plan," "expect," "project," "intend," "believe," "anticipate," "estimate," and other similar words, or statements that certain events or conditions "may" or "will" occur. Forward-looking statements are based on the opinions and estimates at the time the statements are made and are subject to a variety of risks, uncertainties, and other factors that could cause actual events or results to differ materially from those anticipated in the forward-looking statements, including but not limited to delays or uncertainties with regulatory approvals, including that of the CSE. There are uncertainties inherent in forward-looking information, including factors beyond the company’s control. There are no assurances that the commercialization plans for the technology described in this news release will come into effect on the terms or timeframe described herein. The company undertakes no obligation to update forward-looking information if circumstances or management's estimates or opinions should change, except as required by law. The reader is cautioned not to place undue reliance on forward-looking statements. Additional information identifying risks and uncertainties that could affect financial results is contained in the company’s filings with Canadian securities regulators, which filings are available at www.sedar.com.
March 15, 2023
Cybeats is pleased to report on an expanded commercial engagementRead More →
March 13, 2023
is pleased to announce the release of its latest product featureRead More →
March 8, 2023
Cybeats is pleased to provide a summary of the S4 event in Miami.Read More →