Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)

Dec 16, 2021 By Sysdig In Sysdig
A new critical vulnerability has been found in log4j, a widely-used open-source utility used to generate logs inside java applications. The vulnerability CVE-2021-44228, also known as Log4Shell, permits a Remote Code Execution (RCE) allowing the attackers to execute arbitrary code on the host. The log4j utility is popular and used by a huge number of applications and companies, including the famous game Minecraft. It is also used in various Apache frameworks like Struts2, Kafka, Druid, Flink, and many commercial products.
View Video

Understanding the Log4j Log4Shell Vulnerability

Dec 16, 2021 By Arctic Wolf In Arctic Wolf
A zero-day threat is creating waves through the cybersecurity industry more than any other in years. On Thursday, December 9, security researchers published a proof-of-concept exploit code for CVE-2021-44228, a remote code execution vulnerability in Log4j, a Java logging library used in a significant number of internet applications. In the week since its discovery businesses worldwide are frantically trying to identify and mitigate the exploit, while security pros and experts are desperately attempting to release patches and guide organizations as new information becomes known.
View Video
Snyk

Security in context: When is a CVE not a CVE?

Dec 16, 2021 By Matt Jarvis, Asaf Biton In Snyk

At Snyk we have some general points of principle that we use to help guide our security thinking and decision making. Firstly, it is always important to understand from whom we are protecting, as it has implications for how we need to act. As an example of this, if our artefact is a web server, then we need to protect it against untrusted users. Whilst if our artefact is encryption software, then we clearly need to protect it even from users with physical access to the system.

Read Post
mend

Log4j Vulnerability CVE-2021-45046 Explained

Dec 16, 2021 By Hagai Wechsler In Mend

As security and development teams rushed to assess the now-notorious Log4Shell vulnerability published December 10 (CVE-2021-44228), another, more minor vulnerability was discovered in Log4j — CVE-2021-45046. To understand the newly-discovered vulnerability, it is important to get the full picture and background on the original Log4j issue.

Read Post

Log4Shell: What You Need to Know About the Log4j Vulnerability (APJ)

Dec 16, 2021 By Snyk In Snyk
A new critical vulnerability, Log4Shell, was publicly disclosed on December 10th and is making global headlines. It impacts a wide amount of applications on the internet, allowing attackers to remotely execute code within vulnerable applications worldwide. In this webinar recording, Snyk technical experts provide an in-depth technical review of the Log4Shell vulnerability, what caused it, how it can be exploited, and most importantly, how it can be mitigated through upgrades, or defended against in WAF configurations and more.
View Video
CrowdStrike

Automate Your Cloud Operations With Humio and Fylamynt

Dec 16, 2021 By Humio Staff In CrowdStrike

A new API integration for Humio and Fylamynt helps joint customers improve the efficiency of their cloud operations teams by automating repetitive and manual operations tasks. Fylamynt, a low-code platform that delivers a developer’s approach to ITOps with site reliability engineering (SRE), works with Humio to empower faster response times to critical operational issues, reduce human error and increase productivity so DevOps teams can focus on adding value through innovation.

Read Post

Cloud File Sharing for Managed Service Providers (MSPs) Overview

Dec 16, 2021 By Egnyte In Egnyte
In this video, Director of MSP Community and Enablement, Eric Anthony, gives an overview of Egnyte and how you can tailor our cloud file sharing tool to the needs of your clients. As a Managed Service Provider or MSP, referring your clients to resources that best fit their needs is imperative to fostering a long-term working relationship. At Egnyte, we give you the support you need to help your clients make informed decisions to keep collaboration simple, adhere to industry-specific regulations, and most importantly, keep their data secure.
View Video
Trustwave

Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities

Dec 16, 2021 By Trustwave In Trustwave

Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, CVE-2021-44832, and CVE-2021-42550 (in logback as opposed to log4j). Dec. 22: A joint Cybersecurity Advisory was issued by multiple national cybersecurity agencies providing mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Dec. 17: Please note the emergency directive from CISA on Log4j.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.