Tucows (that is includes OpenSRS, Ascio, Enom) issued a statement on what their response was to the newly discovered Log4j vulnerability:
“Last Friday, a critical system vulnerability with Log4j was uncovered that has the potential to result in remote code execution against applications.
Since this announcement, Tucows’ Security, Engineering, and Quality Assurance teams have been working around the clock to identify all applications using Log4j and mitigate the identified vulnerability; critical component updates were made over the weekend for Tucows’ entire portfolio, including fiber internet, domains, and mobile services enablement.
Testing is still underway, but initial findings show no evidence of compromised data or systems within Tucows’ infrastructure, which includes OpenSRS, Ascio, Enom, Ting Internet, and Ting Mobile. The Tucows Domains Compliance team is also working to mitigate the worldwide damage by disabling domains taking advantage of the Log4j vulnerability.
At this time, there is no action required from our customers. If this changes, we will provide an update immediately to affected customers.
Regards,
Tucows Security Team”
