
December 17, 2021

Cybeats Addresses Widespread ‘Log4j’ Vulnerability

TORONTO, December 17, 2021 – Scryb Inc. (“Scryb” or the “Company”) (CSE: SCYB, OTCQB: SCYRF RYMDF, Frankfurt: EIY2) provides commentary on the widespread log4j¹ vulnerability discovered on December 9th, potentially allowing unauthorized remote access. The United States Cybersecurity and Infrastructure Security Agency issued an alert about the vulnerability, and noted that it is reportedly being actively exploited.²

Log4j is a Java library for activity logging. Software producers and consumers are currently spending significant resources to identify where this library exists in software or deployed systems. Some enterprises with advanced software inventory systems are reporting success mitigating this vulnerability, whereas several organizations are set to spend extensive resources over the coming months to fully address this issue. With a managed Software Bill of Materials (SBOM), the products that carry the vulnerabilities would be far easier to identify and mitigate. Well-managed CI/CD pipelines that include attestations such as SBOM are currently providing value and certainty to recovery plans.

"This is the type of vulnerability that was leveraged in the Equifax breach in 2017, and it will take a while until it stabilises and all the impacted software is patched," said Dmitry Raidman, co-founder and CTO at Cybeats. "Any Java code-based products are potentially affected; it might take months until the patches are delivered to active environments, and some companies that are vulnerable to this exploit at the moment are unaware." To manage this type of risk better in the future, companies may look at SBOM and VEX CSAF as means of obtaining transparency and knowing their software better.

This vulnerability serves as an important indicator of changes underway in supply chain infrastructure. The transparency implicit in software inventory systems, and specifically SBOM, is necessary to ensure long-term stability in software supply chains. Multiple Cybeats executives and advisors, including CTO and co-founder Dmitry Raidman, were participants in the U.S. Department of Commerce SBOM working groups, which resulted in the SBOM standard adopted by the U.S. federal government. The Company has developed the SBOM Studio™ product to accomplish in seconds what takes weeks. SBOM Studio™ provides management of SBOMs from design to operation, including orchestration with access management for sharing, AI/ML vulnerability and risk analysis, and security posture ranking for supply chain organizations and software components.

1 https://en.wikipedia.org/wiki/Log4j


“Forward-looking enterprises may take this as an opportunity to adopt processes represented by Software Bill of Materials to mitigate future costly incidents like log4j and gain the other economic benefits and a better software asset inventory control,” said Chris Blask, VP Strategy.


Subsequent Developments

Subsequent to the log4j revelations on December 9, a second Log4j vulnerability has been unveiled that has already been weaponized, along with a new patch version, 2.16.0.³

CNBC recently interviewed CISA Director Jen Easterly, who said log4j is “the most serious vulnerability she’s seen in her decade-long career”.⁴ The log4j vulnerability has been conveyed using an analogy: how many rooms in all Quebec government buildings use 60-watt light bulbs? The answer is likely to physically walk to each room and see if each bulb is 60-watt.⁵

Detecting the vulnerability in a website is a short process, but without an up-to-date inventory list, verifying all of the components affected could take several months. Some regions such as Quebec have reacted by shutting down nearly 4,000 websites as a preventative measure, until the gravity of the situation is assessed.⁶

Log4j is used in thousands of applications, and Authomize has graciously compiled a robust and lengthy list of entities affected by this vulnerability, which includes the likes of Amazon, Apache and Microsoft.⁷


About Cybeats

Cybeats is holistic software supply chain security that builds certainty through visibility, comprehensive protection and proactive response, from launch to legacy. Cybeats. Software made certain.



About Scryb

Scryb is a platform that powers businesses and technologies with applied intelligence, real-time analytics, and actionable insights. The platform boasts proven adaptability across diverse markets, from digital health and diagnostics to cybersecurity and manufacturing. The cloud-based platform is composed of crucial elements including sensor technology, IoT, predictive analytics, and computer vision.

3 https://thehackernews.com/2021/12/hackers-begin-exploiting-second-log4j.html?m=1


5 https://www.cbc.ca/news/canada/montreal/quebec-cybersecurity-threat-government-website-1.6283133


7 https://github.com/authomize/log4j-log4shell-affected/blob/main/affected_components.md

For more information, or to ‘Sub Scryb’ to the Company’s mail list, visit: https://www.scryb.ai



W. Clark Kent President

Office. 647-872-9982

TF. 1-844-247-6633

Email: info@scryb.ai

Forward-looking Information Cautionary Statement

Except for statements of historic fact, this news release contains certain "forward-looking information" within the meaning of applicable securities law. Forward-looking information is frequently characterised by words such as "plan," "expect," "project," "intend," "believe," "anticipate," "estimate," and other similar words, or statements that certain events or conditions "may" or "will" occur. Forward-looking statements are based on the opinions and estimates at the time the statements are made and are subject to a variety of risks, uncertainties, and other factors that could cause actual events or results to differ materially from those anticipated in the forward-looking statements, including but not limited to delays or uncertainties with regulatory approvals, including that of the CSE. There are uncertainties inherent in forward-looking information, including factors beyond the company’s control. There are no assurances that the commercialization plans for the technology described in this news release will come into effect on the terms or timeframe described herein. The company undertakes no obligation to update forward-looking information if circumstances or management's estimates or opinions should change, except as required by law. The reader is cautioned not to place undue reliance on forward-looking statements. Additional information identifying risks and uncertainties that could affect financial results is contained in the company’s filings with Canadian securities regulators, which filings are available at www.sedar.com.
