Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

detectify

New test added for actively exploited critical CVE-2021-44228 Apache Log4j RCE

Dec 12, 2021 By detectify In Detectify

Thanks to Detectify Crowdsource hackers, Detectify quickly developed a security test to detect Critical vulnerability CVE-2021-44228 Apache log4j RCE. This vulnerability has set the internet alight over the past few days. Right now, exploit developers and security researchers are still understanding the potential capabilities provided by the vulnerability. Detectify received a working POC for this critical 0-day vulnerability from the Crowdsource community on Friday.

Read Post
cyberint

CVE-2021-44228: Log4J2 Remote Code Execution

Dec 12, 2021 By Cyberint In Cyberint
On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache log4j 2 was identified, (Dubbed “Log4Shell” by researchers), affecting massive amounts of servers all over the world. As this vulnerability gains high traction worldwide, it’s important to note, that not only internet facing java applications are vulnerable, as user input can traverse to another non-internet facing machines and exploit these as well.
Read Post

Security risks of Cloud Computing | Threats, Issues and Challenges

Dec 12, 2021 By Cyphere In Cyphere
Cloud computing is the latest buzzword in the IT world. It's often touted as a cost-saving, high-performance alternative to traditional on-site data storage solutions. But there are risks involved with cloud computing that you need to be aware of before jumping into this new technology! In this video, I'll discuss some different threats, issues and challenges related to security for companies who are considering moving their data up into the cloud or have already done so.
View Video
Forescout

Forescout's Response to Apache Log4j Vulnerabilities

Dec 12, 2021 By Forescout Research Labs In Forescout

Updated 12/20/21 On December 9, 2021, Apache published a zero-day vulnerability (CVE-2021-44228) for Apache Log4j being referred to as “Log4Shell”. This “critical” vulnerability (CVSS score: 10) allows a remote attacker to take control of an affected system. When exploited, this vulnerability allows an attacker to run arbitrary code on the device, giving full control over to the attacker.

Read Post
tripwire

What Are the Key Challenges for Cybersecurity Professionals Going into 2022?

Dec 12, 2021 By Martina Dove In Tripwire

Tripwire recently conducted a series of surveys and interviews to understand IT professionals who manage security for their company. The cybersecurity landscape is constantly changing, new challenges are rapidly emerging, and new threats have surfaced, especially throughout the pandemic. We were curious to know some of the struggles that security professionals experience as a part of their job.

Read Post
tripwire

A Bank SMS Text Phish Attempt

Dec 12, 2021 By Andrew Swoboda In Tripwire

Phishing attempts over text messages are becoming more prevalent. I received an SMS text message that contained a phishing attempt for a Canadian Bank. The message implied that I have received a new notification with this bank and I should visit the provided link. I usually do not click on any links, but I decided to see what would happen when I navigated to the page.

Read Post
armo

CVE-2021-44228 - Log4Shell - Vulnerability and its impact on Kubernetes

Dec 12, 2021 By Ben Hirschberg In ARMO

On Dec 9th, a critical zero-day vulnerability - CVE-2021-44228 - was announced concerning the Java logging framework - Log4j All current versions of log4j2 up to 2.14.1 are vulnerable. To remediate this vulnerability, please update to version 2.15.0 or later.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.