Mailchimp
Not subscribed to OpsMatters Newsletter
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Latest posts
Log4Shell Is the Most Dangerous Exploit Since Shellshock
Earlier today, a serious flaw was discovered in the widely used Java logging library Apache Log4j. The vulnerability, ‘Log4Shell,’ was first identified by users of a popular Minecraft forum and was apparently disclosed to the Apache Foundation by Alibaba Cloud security researchers on Nov. 24, 2021. The vulnerability has the potential to allow unauthenticated remote code execution (RCE) on nearly any machine using Log4j.
CVE-2021-44228 - Log4j zero day vulnerability, detection and Log4shell fix
Log4j zero-day vulnerability is flooding the security updates/news everywhere. This issue has been named Log4shell and assigned CVE-2021-44228 (still awaiting analysis at the time of writing).
Log4j2 Vulnerability "Log4Shell" (CVE-2021-44228)
Apache has released version 2.16.0, which completely removes support for Message Lookups and disables JNDI by default. CrowdStrike has identified a malicious Java class file hosted on infrastructure associated with a nation-state adversary. The Java code is used to download known instances of adversary-specific tooling and is likely to be used in conjunction with the recently disclosed Log4Shell exploit (CVE-2021-44228).
Weekly Cyber Security News 10/12/2021
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Earlier this week I saw quite a few posts on Twitter mentioning AWS outages. Certainly caused a few issues.
How Human Resources Practitioners Use Egnyte
Director of Global HR Operations, Dee DeWinter, showcases how she utilizes Egnyte to make her job easy, simple, and secure. In this video, she shares how to create and manage workflows, share securely through DocuSign, and set folder permissions within a demo environment. Whether your preference is Microsoft or Google products, you can easily create assets within Egnyte, edit as needed, and benefit from autosave features that make changes immediately available for everyone with access to the file or folder.
Ain't No Mountain High Enough: Achieving Zero Trust For A Mobile Workforce With Art Ashmann (VMware)
Widespread remote work has called for a paradigm shift in how we conduct enterprise cybersecurity. On this week’s Endpoint Enigma, VMware Staff EUC Solutions Engineer, Art Ashmann joins Hank Schless to discuss how mobile and cloud technology have enabled us to manage both work and personal responsibilities from anywhere and what organizations can do to securely take advantage of it.
Microlesson: Cloud SIEM Entities
Learn what Cloud SIEM Entities are and how they're used to generate Insights.
Log4Shell CVE-2021-44228
On December 10th, 2021, the National Vulnerability Database (NVD) published the CVE-2021-44228 documenting a vulnerability in the Apache log4j library Java Naming and Directory Interface (JNDI) lookup feature allowing for remote code execution by an attacker who is able to manipulate log messages. A proof of concept was released on December 9th, 2021, and active scanning and exploitation attempts have increased through the time of the publishing of this brief.
SECURITY NOTICE: Log4j.2.x NEWS
Is the Log4j Zero-Day RCE (CVE-2021-44228) vulnerability affecting you? Check out this quick chat with Chris Wysopal and Giuseppe Trovato to learn more about this new #vulnerability and what it could mean for you.
Rubrik Data Security Spotlight 2021 Recap
Learn to better prepare for and respond to ransomware attacks with the latest innovations in Zero Trust Data Security™. Hear as security and IT industry experts share their strategies and best practices to keep business data secure and readily available during cyberattacks and operational failures.