Updated – Dec 15, 2021
Last Friday, a critical system vulnerability with Log4j was uncovered that has the potential to result in remote code execution against applications.
Since this announcement, Tucows’ Security, Engineering, and Quality Assurance teams have been working around the clock to identify all applications using Log4j and mitigate the identified vulnerability; critical component updates were made over the weekend for Tucows’ entire portfolio, including fiber internet, domains, and mobile services enablement.
After thorough testing, we can confirm that none of Tucows’ data or systems were compromised and that our entire ecosystem remained secure. The Tucows Domains Compliance team will continue to mitigate the worldwide damage by disabling reported domains that are taking advantage of the Log4j vulnerability.
At this time, there is no action required from our customers. If this changes, we will provide an update immediately to affected customers.
Regards,
Tucows Security Team