English
Afrikaans
Shqip
አማርኛ
العربية
Հայերեն
Azərbaycan dili
Euskara
Беларуская мова
বাংলা
Bosanski
Български
Català
Cebuano
Chichewa
简体中文
繁體中文
Corsu
Hrvatski
Čeština
Dansk
Nederlands
Esperanto
Eesti
Filipino
Suomi
Français
Frysk
Galego
ქართული
Deutsch
Ελληνικά
ગુજરાતી
Kreyol ayisyen
Harshen Hausa
Ōlelo Hawaiʻi
עִבְרִית
हिन्दी
Hmong
Magyar
Íslenska
Igbo
Bahasa Indonesia
Gaelige
Italiano
日本語
Basa Jawa
ಕನ್ನಡ
Қазақ тілі
ភាសាខ្មែរ
한국어
كوردی
Кыргызча
ພາສາລາວ
Latin
Latviešu valoda
Lietuvių kalba
Lëtzebuergesch
Македонски јазик
Malagasy
Bahasa Melayu
മലയാളം
Maltese
Te Reo Māori
मराठी
Монгол
ဗမာစာ
नेपाली
Norsk bokmål
پښتو
فارسی
Polski
Português
ਪੰਜਾਬੀ
Română
Русский
Samoan
Gàidhlig
Српски језик
Sesotho
Shona
سنڌي
සිංහල
Slovenčina
Slovenščina
Afsoomaali
Español
Basa Sunda
Kiswahili
Svenska
Тоҷикӣ
தமிழ்
తెలుగు
ไทย
Türkçe
Українська
اردو
O‘zbekcha
Tiếng Việt
Cymraeg
isiXhosa
יידיש
Yorùbá
ZuluPayQuicker Statement on Log4j2 Vulnerability
The PayQuicker security team is aware of and responding to the Log4j2, also referred to as Log4Shell, vulnerability.
Apache Log4j is an open-source library that is utilized by Java applications to facilitate logging requests. On December 9, 2021, a critical vulnerability identified as CVE-2021-44228 was disclosed in the Apache Log4j Java logging library, affecting all Log4j versions prior to 2.15.0. Upon becoming aware of the initial vulnerability disclosure, the security team at PayQuicker began its review of any possible impact to customers and PayQuicker operations. Following is a summary of that activity and the resulting conclusions.
How is PayQuicker Responding?
PayQuicker knows customers and partners are concerned about the security of the PayQuicker products and of their data. The now-infamous zero-day vulnerabilities associated with the Apache log4j package (see CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) have rightly caused great concern. The widespread use of Java and Apache packages makes this a serious event with far-reaching implications for companies, their partners, and their customers.
PayQuicker has performed extensive due diligence on the issues associated with these vulnerabilities and continues to monitor the situation as it evolves.
Below is a summary of what you need to know and how PayQuicker has responded so far:
- First and foremost, this issue does not apply to PayQuicker products, as we do not use Java anywhere in our solution: not in development, and not in our deployment environment.
- This means there is nothing for PayQuicker customers to do, and customers can be assured that their accounts and data are secure.
- PayQuicker has verified there were no attack attempts on our products or corporate environments prior to our due diligence, and we have enhanced security for our network, endpoints, and products, adding these attack vectors to our already substantial protections.
- PayQuicker has evaluated all critical vendors and found no concerns.
- PayQuicker is in the process of verifying all third-party suppliers of software and services, finding no issues to date. We are nearly complete with this initial review.
- PayQuicker will continue to perform due diligence not only to manage this issue, but to manage all risks identified within our information security program.
PayQuicker will update this page with important developments and will send out specific communications to customers and partners as is deemed prudent or the future need arises.
What else do I need to know?
Though there are no PayQuicker-related actions needed for our customers, it is advised that businesses perform their own due diligence against their systems and vendors. Please refer to guidance from the Cybersecurity Infrastructure & Security Agency (CISA).
Edward Woodfield
About PayQuicker
PayQuicker is a leading provider of financial payout technology and innovation for startups to enterprise organizations. Our cloud-based, regulatory-compliant, secure software stack offers custom-branded payout solutions that power our clients to seamlessly deliver secure, instant payouts to millions of independent contractors, distributors, influencers, and affiliates around the globe. The instant payout of commissions, bonuses, incentives, and rewards is critically important for our clients to build brand loyalty and accelerate their business growth worldwide through secure affiliate portals, wallet solutions, or API gateway integrations with their proprietary user interface.