Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Snyk

Log4Shell vulnerability disclosed: Prevent Log4j RCE by updating to version 2.15.0

Dec 10, 2021 By Brian Vermeer In Snyk

Today (Dec.10, 2021), a new, critical Log4j vulnerability was disclosed: Log4Shell. This vulnerability within the popular Java logging framework was published as CVE-2021-44228, categorized as Critical with a CVSS score of 10 (the highest score possible). The vulnerability was discovered by Chen Zhaojun from Alibaba’s Cloud Security team. All current versions of log4j2 up to 2.14.1 are vulnerable. You can remediate this vulnerability by updating to version 2.15.0 or later.

Read Post
sysdig

Critical vulnerability in log4j, a widely used logging library

Dec 10, 2021 By Stefano Chierici In Sysdig

Security researchers recently disclosed the vulnerability CVE-2021-44228 in Apache’s log4j, which is a common Java-based library used for logging purposes. Popular projects, such as Struts2, Kafka, and Solr make use of log4j. The vulnerability was announced on Twitter, with a link to a github commit which shows the issue being fixed. Proof-of-concept code was also released to github which shows that the vulnerability is trivial to exploit.

Read Post
Arctic Wolf

5 Steps to Ace the FFIEC Assessment

Dec 10, 2021 By Arctic Wolf In Arctic Wolf
Financial institutions are a rich target for cybercriminals, who scoop up sensitive personal information that allows them to open fake accounts and fraudulent lines of credit. According to research from services firm Accenture and the Ponemon Institute, the average annualized cost of cybercrime to financial institutions exceeds $18 million.
Read Post
SecurityScorecard

Log4Shell Is the Most Dangerous Exploit Since Shellshock

Dec 10, 2021 By SecurityScorecard In SecurityScorecard

Earlier today, a serious flaw was discovered in the widely used Java logging library Apache Log4j. The vulnerability, ‘Log4Shell,’ was first identified by users of a popular Minecraft forum and was apparently disclosed to the Apache Foundation by Alibaba Cloud security researchers on Nov. 24, 2021. The vulnerability has the potential to allow unauthenticated remote code execution (RCE) on nearly any machine using Log4j.

Read Post
CrowdStrike

Log4j2 Vulnerability "Log4Shell" (CVE-2021-44228)

Dec 10, 2021 By CrowdStrike Intelligence Team In CrowdStrike

Apache has released version 2.16.0, which completely removes support for Message Lookups and disables JNDI by default. CrowdStrike has identified a malicious Java class file hosted on infrastructure associated with a nation-state adversary. The Java code is used to download known instances of adversary-specific tooling and is likely to be used in conjunction with the recently disclosed Log4Shell exploit (CVE-2021-44228).

Read Post

How Human Resources Practitioners Use Egnyte

Dec 10, 2021 By Egnyte In Egnyte
Director of Global HR Operations, Dee DeWinter, showcases how she utilizes Egnyte to make her job easy, simple, and secure. In this video, she shares how to create and manage workflows, share securely through DocuSign, and set folder permissions within a demo environment. Whether your preference is Microsoft or Google products, you can easily create assets within Egnyte, edit as needed, and benefit from autosave features that make changes immediately available for everyone with access to the file or folder.
View Video

Ain't No Mountain High Enough: Achieving Zero Trust For A Mobile Workforce With Art Ashmann (VMware)

Dec 10, 2021 By Lookout In Lookout
Widespread remote work has called for a paradigm shift in how we conduct enterprise cybersecurity. On this week’s Endpoint Enigma, VMware Staff EUC Solutions Engineer, Art Ashmann joins Hank Schless to discuss how mobile and cloud technology have enabled us to manage both work and personal responsibilities from anywhere and what organizations can do to securely take advantage of it.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.