%term

Log4Shell in the Field - A Brief Analysis Through January 2022

Jan 27, 2022 By Ian McShane In Arctic Wolf

This is a follow-up to our previous blogposts covering the Log4j vulnerability and the Deep Scan tool we made available to help identify vulnerable systems. As we close the first month of 2022, we looked into the activity related to the Log4Shell vulnerability CVE-2021-44228 observed across our 2,3000+ customers. Many of you will empathize with the struggle to find all instances of the vulnerable Log4j component, especially at the scale that comes with having a large customer base.

Read Post

Arctic Wolf

Read more about Log4Shell in the Field - A Brief Analysis Through January 2022

Vulnerability of the Month: nanoid

Jan 27, 2022 By Snyk In Snyk

Learn about a new prolific vulnerability in an extremely popular package! We will dive in to the defective code as well as the fix!

View Video

Snyk

Read more about Vulnerability of the Month: nanoid

CVE-2020-0696 - Microsoft Outlook Security Feature Bypass Vulnerability

Jan 27, 2022 By Trustwave In Trustwave

During an investigation of a malware campaign, I discovered that multiple emails were bypassing a specific email security system. Interestingly, there were no bypass techniques used. Instead, the flood of spear-phishing emails made the email security system allow some of the emails, at which point I began my research on Microsoft Outlook. The issue in this case was that the specially crafted malicious link parsing on the security system was weak.

Read Post

Trustwave

Read more about CVE-2020-0696 - Microsoft Outlook Security Feature Bypass Vulnerability

Outpost24 Webinar - API security 101 and how to secure your web applications

Jan 27, 2022 By Outpost 24 In Outpost 24

APIs are a key part of modern web applications and a growing security challenge that isn’t well understood by developers and application security managers, leading to exposed APIs that give hackers access to sensitive data. Find out how to secure your APIs and prevent vulnerabilities from making it into production.

View Video

Outpost 24

Read more about Outpost24 Webinar - API security 101 and how to secure your web applications

Detecting CVE-2022-21907, an IIS HTTP Remote Code Execution vulnerability

Jan 26, 2022 By Corelight Labs Team In Corelight

In January 2022, Microsoft disclosed a remote code execution vulnerability for Internet Information Server (IIS) identified as CVE-2022-21907, which they have subsequently reported as wormable. Through Microsoft, Corelight Labs was able to review a proof of concept for an attack against the vulnerability. This blog presents an open source detection method that Corelight Labs is releasing to detect exploit attempts of CVE-2022-21907.

Read Post

Corelight

Read more about Detecting CVE-2022-21907, an IIS HTTP Remote Code Execution vulnerability

Trustwave Threat Hunting Guide: Identifying PwnKit (CVE-2021-4034) Exploitation

Jan 26, 2022 By Trustwave In Trustwave

The Trustwave Threat Hunting team has authored a practical guide to help the cybersecurity community address the Linux “polkit” Local Privilege Escalation vulnerability (CVE-2021-4034) by identifying common behavior in exploitation.

Read Post

Trustwave

Read more about Trustwave Threat Hunting Guide: Identifying PwnKit (CVE-2021-4034) Exploitation

Trustwave Action Response: Polkit Privilege Escalation Vulnerability - PwnKit (CVE-2021-4034)

Jan 26, 2022 By Trustwave In Trustwave

Trustwave security and engineering teams became aware of the vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) on January 25. We immediately investigated the vulnerability and potential exploits and continue to actively monitor the situation for our clients. Check your distribution for specific patches. As part of a strong patch management program, ensuring your infrastructure and applications are up to date is critical for mitigating cyber risk..

Read Post

Trustwave

Read more about Trustwave Action Response: Polkit Privilege Escalation Vulnerability - PwnKit (CVE-2021-4034)

Stranger Danger: Live hack of how a Log4Shell exploit works

Jan 25, 2022 By Sarah Wills In Snyk

The Log4Shell vulnerability took the Java community by surprise at the end of 2021, and many organizations are still mitigating its impact. To help development teams stay informed as the situation unfolds, Snyk has created and continues to update its Log4j vulnerability resource center.

Read Post

Snyk

Read more about Stranger Danger: Live hack of how a Log4Shell exploit works

How To Detect & Mitigate Apache Log4j CVE-2021-44228

Jan 25, 2022 By Eleanor Bennett In logit.io

If you've already heard about the Apache Log4j CVE-2021-44228 (also known as Log4Shell and formally LogJam) vulnerability then you will know that this is a significant issue as many organisations are scrambling to secure their infrastructure from this critical remote code execution (RCE) vulnerability. With these considerations in mind, we wanted to bring you a guide that outlines the steps that can be followed to ensure the security of your systems from CVE-2021-44228.

Read Post

logit.io

Read more about How To Detect & Mitigate Apache Log4j CVE-2021-44228

4 Step Guide To Vulnerability Assessment

Jan 25, 2022 By Indusface In Indusface

Vulnerability Assessment is a process that defines, identifies, and prioritizes vulnerabilities in the computer system. Vulnerability assessment provides your organization the necessary knowledge, risk background, and awareness, and makes you react to threats when it comes to the environment. About Indusface: Indusface is a SaaS company that secures critical Web applications of 2000+ global customers using its award-winning platform that integrates Web application scanner, Web application firewall, CDN, and threat information engine.

View Video