The Log4J library is one of the most widely-used logging libraries for Java code. On the 24th of November 2021, Alibaba’s Cloud Security Team found a vulnerability in the Log4J, also known as log4shell, framework that provides attackers with a simple way to run arbitrary code on any machine that uses a vulnerable version of the Log4J. This vulnerability was publicly disclosed on the 9th of December 2021.
You’ve seen suspicious ads. Some were obvious — ads that claim your browser is infected with malware and you need to click immediately to remedy the situation — but likely, some weren’t obvious at all. They just looked like regular ads, and might have appeared on a site you trust. You didn’t know it (and hopefully didn’t click) but some of the ads you see regularly are malvertising.
The announcement of Log4j vulnerability cve-2021-44228 sent security and development teams into a tailspin and highlights the one of biggest challenges of open source security: dependency management. The open source libraries that make up up to 80% of our applications are often a tangled web of dependencies.
This blog contains a discussion about stress, trauma, and domestic violence. This may be difficult for some readers, and given the alarming figures around Post-Traumatic Stress Disorder (PTSD), trauma, and early life experiences (ACEs), this will likely concern at least a small population of readers. Please take care of yourself when reading this and break off from reading if you feel the need to.
DLP ensures confidential or sensitive information (like credit card numbers, PII, and API keys) isn’t shared outside of Slack by scanning for content within messages and files that break predefined policies. DLP is important for both security and compliance reasons. With DLP in place, you’ll be able to.
Five months ago, we decided to release a posture management solution for K8s and make it open source for everyone to enjoy it.
As the threat landscape changes and advances with time, being able to address the most common types of cyber security vulnerabilities has gained the utmost importance. In this article, we will consider various types of cyber security vulnerabilities and how you can mitigate them. As information becomes an organization’s most important asset, cyber security gains increasingly more priority.
For over a century we have seen voice communication being made over Public Switched Telephone Network (PSTN), but since the past decade or two Voice over IP (VoIP) has been introduced and quickly adopted throughout the world for making business phone calls.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Anyone fancy a bit of a challenge? USA citizens only though…
Note: This post first appeared in r/CrowdStrike. First and foremost: if you’re reading this post, I hope you’re doing well and have been able to achieve some semblance of balance between life and work. It has been, I think we can all agree, a wild December in cybersecurity (again). At this time, it’s very likely that you and your team are in the throes of hunting, assessing and patching implementations of Log4j2 in your environment.
