SERV - Secure Electronic Registries Victoria

SERV Statement on Apache Log4j

Thursday 16 December 2021

Secure Electronic Registries Victoria (SERV) has conducted a review of its technology environment and confirmed that its systems are currently not impacted by the Apache Log4j vulnerability.

Apache Log4j is a software library which is used extensively in technology applications worldwide. An emergency advisory was issued earlier this week for a critical vulnerability in Apache Log4j.

Upon becoming aware of the Apache Log4j advisory, SERV activated its technical response procedure to identify, detect and prevent any threat actors from attempting to exploit its IT systems.

SERV has also implemented several precautionary measures, including:

• Establishing countermeasures to detect the known indicators associated with this vulnerability.

• Continuously and systematically reviewing its technology environment for the presence of the vulnerability and if an impacted version of Log4j is found, SERV will upgrade the affected systems to the latest version

• Monitoring for additional security mitigations as the indicators of compromise become available, both publicly and directly from security vendors and refining approach as more information becomes available

“At SERV, the security of our systems and the data we hold is of paramount importance to us. It is our number one priority,” SERV’s Head of Information Security & Cloud Infrastructure, Sunil Rane said.

“This is a developing situation, and the status may change as more information becomes available. SERV will continue to monitor this event through our deed with the Australian Cyber Security Centre and other external security intelligence sources and act swiftly if any additional information becomes available.”

##ENDS##

---