%term

The DHS is inviting hackers to break into its systems, but there are rules of engagement

Dec 16, 2021 By Graham Cluley In Tripwire

The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks.

Read Post

Tripwire

Read more about The DHS is inviting hackers to break into its systems, but there are rules of engagement

What has the Log4shell vulnerability taught us about application security?

Dec 16, 2021 By Snyk In Snyk

A week ago, we had no idea what Log4shell was. Today, we have the global developer community coming together to keep itself safe from a vulnerability that ranks the highest in terms of risk. We need technical solutions, but what does it mean for the landscape of application security, and what have we learned from this situation?

View Video

Snyk

Read more about What has the Log4shell vulnerability taught us about application security?

LOG4J security vulnerability (Log4Shell)

Dec 16, 2021 By Secude In SECUDE

On Nov. 24th 2021 a severe security vulnerability, called “Log4Shell”, has been reported in the JAVA framework “Log4J” 2.x which is widely used for event logging in JAVA applications worldwide. The vulnerability allows cyber-attackers to execute arbitrary code by injecting it into a logging process implemented in Log4J. The “Log4Shell” vulnerability allows complete server takeover by the attackers.

Read Post

SECUDE

Read more about LOG4J security vulnerability (Log4Shell)

Global outbreak of Log4Shell

Dec 16, 2021 By Santiago Cortes In AT&T Cybersecurity

Log4Shell is a high severity vulnerability (CVE-2021-44228) impacting Apache Log4j versions 2.0 to 2.14.1. It was discovered by Chen Zhaojun of Alibaba Cloud Security Team and disclosed via the project´s GitHub repository on December 9, 2021.

Read Post

AT&T Cybersecurity

Read more about Global outbreak of Log4Shell

Sideloading: "a cybercriminal's best friend"

Dec 16, 2021 By Mikesh Nagar In Redscan

Sideloading is the installation of software from a third party rather than an approved source, for example applications that are not available from official vendors or app stores. This hack is creating yet another valuable opportunity for cybercriminals.

Read Post

Redscan

Read more about Sideloading: "a cybercriminal's best friend"

Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)

Dec 16, 2021 By Sysdig In Sysdig

A new critical vulnerability has been found in log4j, a widely-used open-source utility used to generate logs inside java applications. The vulnerability CVE-2021-44228, also known as Log4Shell, permits a Remote Code Execution (RCE) allowing the attackers to execute arbitrary code on the host. The log4j utility is popular and used by a huge number of applications and companies, including the famous game Minecraft. It is also used in various Apache frameworks like Struts2, Kafka, Druid, Flink, and many commercial products.

View Video

Sysdig

Read more about Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)

Discovering Log4j in Protected Systems Using Rubrik APIs

Dec 16, 2021 By Jacob Robinson In Rubrik

Rubrik customers have an advantage when it comes to mitigating the log4j crisis. Utilizing our API-first architecture, Rubrik customers can make a single API call to find instances of log4j across their protected systems.

Read Post

Rubrik

Read more about Discovering Log4j in Protected Systems Using Rubrik APIs

Understanding the Log4j Log4Shell Vulnerability

Dec 16, 2021 By Arctic Wolf In Arctic Wolf

A zero-day threat is creating waves through the cybersecurity industry more than any other in years. On Thursday, December 9, security researchers published a proof-of-concept exploit code for CVE-2021-44228, a remote code execution vulnerability in Log4j, a Java logging library used in a significant number of internet applications. In the week since its discovery businesses worldwide are frantically trying to identify and mitigate the exploit, while security pros and experts are desperately attempting to release patches and guide organizations as new information becomes known.

View Video

Arctic Wolf

Read more about Understanding the Log4j Log4Shell Vulnerability

Security in context: When is a CVE not a CVE?

Dec 16, 2021 By Matt Jarvis, Asaf Biton In Snyk

At Snyk we have some general points of principle that we use to help guide our security thinking and decision making. Firstly, it is always important to understand from whom we are protecting, as it has implications for how we need to act. As an example of this, if our artefact is a web server, then we need to protect it against untrusted users. Whilst if our artefact is encryption software, then we clearly need to protect it even from users with physical access to the system.

Read Post

Snyk

Read more about Security in context: When is a CVE not a CVE?

Log4j Vulnerability CVE-2021-45046 Explained

Dec 16, 2021 By Hagai Wechsler In Mend

As security and development teams rushed to assess the now-notorious Log4Shell vulnerability published December 10 (CVE-2021-44228), another, more minor vulnerability was discovered in Log4j — CVE-2021-45046. To understand the newly-discovered vulnerability, it is important to get the full picture and background on the original Log4j issue.

Read Post