Hello

  United States

Red alert? Not in Scope!

Warning level 4 for Java library log4j – Riege customers not affected!

The media have reported in a dramatical manner, the German Federal Office for Information Security (BSI) has issued a level 4 warning: There are security vulnerabilities in the Java library log4j.

The all-clear in advance:

Scope does not use the affected library log4j. An update is not necessary.

Regardless of this, the Riege security team immediately analysed the impact of the security vulnerability and initiated the necessary measures. We use the library in two internal backend systems, but already patched them on Saturday. Due to our network and security design, and as these internal systems do not process input from the internet, we believe a compromise at this point is unlikely.

The Riege security team works quickly and intervenes when necessary.

The wide-ranging emergency patches we applied in the night from Friday to Saturday served to close a gap in a Linux cryptography library (nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) - CVE-2021-43527). This is also critical, but receives less attention – and is now closed.

Check for the security of your own systems, too!

We have done everything we could do. In addition, we would like to urge you to check your own systems for up-to-dateness and security. Useful hints on how to do this can be found here: reuters.com

We will be watching closely and keep you informed.

We continue to monitor the situation and expect timely updates from our suppliers, which we will install immediately. Impairments of Scope operations due to these updates are unlikely, but cannot be ruled out at this point in time. Of course, we will inform you about any measures and possible effects as soon as possible.

We are always at your service. For sure!

Your Riege Security Team

Seeing is believing.

Discover why leading forwarders favor Scope over others.

Request a demo

Cookie Settings

Notification on the use of cookies

We use cookies on our website. Some of them are necessary, while others help us to improve our online offer and to operate economically. We would like to give you the choice of which cookies you allow. You may either reject or accept the cookies that are not necessary by clicking on the checkboxes. You can revoke your consent at any time via the settings in the footer of our website.

Notification on processing your data collected on this website in the U.S.

By clicking on "Accept all", you also consent pursuant to Art. 49 (1) p. 1 lit.a GDPR that your data will be processed in the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy. If you only select the "Required cookies" button, the transmission described above will not take place. For more information about the use of cookies on our website and the processing of your data, please see our privacy policy.

Required cookies allow you to move around a website and use its features to the fullest extent. Without these cookies, functionalities such as actions performed or text input cannot be obtained during a visit.

Functional cookies are used to enable requested functions such as playing videos. These cookies collect anonymised information, they are therefore not able to track movements on other websites.

Performance cookies collect information about how a website is used, such as which pages have been accessed most frequently. These cookies do not store information that allows users to be identified.

Cookies for marketing purposes are used to target relevant advertisements that are adapted to the interests of the user. They are also used to limit the frequency of appearance of an ad and to measure the effectiveness of advertising campaigns.