Vulnerability

A Review of Log4Shell Detection Methods

Dec 22, 2021 By The Veracode Research Team In Veracode

Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to ascertain which tools are best positioned to help detect the vulnerability. Which approaches are most effective and where do they fall short?

Read Post

Veracode

Read more about A Review of Log4Shell Detection Methods

Log4j: The Risk of the Unknown

Dec 22, 2021 By IONIX In IONIX

The Apache Log4j vulnerability will likely continue to create challenges for security teams for months to come, and we want you to be prepared.

View Video

IONIX

Read more about Log4j: The Risk of the Unknown

Snyk Log4Shell Stranger Danger Live Hack

Dec 22, 2021 By Snyk In Snyk

In this recorded session, we present a live hack webinar on the Log4Shell exploit. We give a brief overview of the vulnerability and dive right into some examples of the exploit in action. We then show several real-world remediation approaches as well as other fixes outside code. We give a final round of fun demos, including container and IaC hacks as well as Java-based game hacks. We wrap up with a great list of takeaway resources and answer your questions.

View Video

Snyk

Read more about Snyk Log4Shell Stranger Danger Live Hack

Snyk IaC in 2021: Leading infrastructure as code security for developers

Dec 22, 2021 By Lauren Place In Snyk

With great automation, comes great risk. The advent of infrastructure as code brought about automation for the tedium of deploying, provisioning, and managing resources in public clouds with declarative scripts. However, this automation increased the importance of creating secure IaC scripts or configurations with cloud infrastructure misconfigurations being cited as the biggest area of increased concern (58%) from 2020 to 2021 in the 2021 Snyk Cloud Native Application Security report.

Read Post

Snyk

Read more about Snyk IaC in 2021: Leading infrastructure as code security for developers

New Log4j flaw: 5 reasons why organizations should worry now

Dec 21, 2021 By IT Security In ManageEngine

The world of cybersecurity has been constantly challenged since the pandemic started. With the dust still settling, a new concern has taken the entire cyber landscape by storm. A flaw in Log4j, a widely used Java-based logging library, allows hackers unbridled access to computer systems. The vulnerability (CVE-2021-44228) affects everything from the cloud to security devices. Attackers have come up with worms that can spread independently from one vulnerable system to another.

Read Post

ManageEngine

Read more about New Log4j flaw: 5 reasons why organizations should worry now

Snyk Code: An Introduction to Dev-First SAST

Dec 21, 2021 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Snyk Code: An Introduction to Dev-First SAST

Blocking log4j with Response Actions - Sysdig Secure

Dec 21, 2021 By Michael Clark In Sysdig

The situation involving the log4j ( log4shell ) vulnerability has been rapidly evolving since its release a little over a week ago. A new exploit, CVE-2021-45046, was found which was not covered by the initial 2.15.0 patch. Not long after the 2.16.0 patch was released, another issue was found, CVE-2021-45105, which resulted in the release of 2.17.0. There is clearly a lot going on in the log4j library.

Read Post

Sysdig

Read more about Blocking log4j with Response Actions - Sysdig Secure

Log4j Incident Update - Dramatic Turn of Events

Dec 21, 2021 By Cyberint In Cyberint

Following December 9th, 2021, the news of a Log4j Remote Code Execution (RCE) vulnerability began to grow (Figure 1). In addition to various malware families that already have utilized this vulnerability and added it to their delivery methods arsenal, more vulnerabilities related to this case were published, making Log4j, once simple Java-based logging utility, “the talk of the internet” these days.

Read Post

Cyberint

Read more about Log4j Incident Update - Dramatic Turn of Events

CrowdStrike Services Launches Log4j Quick Reference Guide (QRG)

Dec 21, 2021 By Scott Taschler In CrowdStrike

The Log4j vulnerability burst onto the scene just a few weeks ago, but to many defenders it already feels like a lifetime. It has rapidly become one of the top concerns for security teams in 2021, and seems set to remain so for the foreseeable future. The critical details of this threat evolve almost daily, making it a formidable challenge for defenders to keep tabs on the threat and their organizations’ exposure.

Read Post

CrowdStrike

Read more about CrowdStrike Services Launches Log4j Quick Reference Guide (QRG)

Log4j Log4Shell Vulnerability Q&A

Dec 21, 2021 By Asaf Cohen In JFrog

In our recent webinar, Log4j Log4Shell Vulnerability Explained: All You Need To Know, our Senior Director Security Research expert Shachar Menashe shared information on the security issue and how to detect and remediate it. We are happy to share additional information in the following Q&A, based on the questions raised during the webinar.

Read Post