%term

Log4Shell: What You Need to Know About the Log4j Vulnerability (APJ)

Dec 16, 2021 By Snyk In Snyk

A new critical vulnerability, Log4Shell, was publicly disclosed on December 10th and is making global headlines. It impacts a wide amount of applications on the internet, allowing attackers to remotely execute code within vulnerable applications worldwide. In this webinar recording, Snyk technical experts provide an in-depth technical review of the Log4Shell vulnerability, what caused it, how it can be exploited, and most importantly, how it can be mitigated through upgrades, or defended against in WAF configurations and more.

View Video

Snyk

Read more about Log4Shell: What You Need to Know About the Log4j Vulnerability (APJ)

Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities

Dec 16, 2021 By Trustwave In Trustwave

Dec. 29: Updated to cover three additional CVEs: CVE-2021-4104, CVE-2021-44832, and CVE-2021-42550 (in logback as opposed to log4j). Dec. 22: A joint Cybersecurity Advisory was issued by multiple national cybersecurity agencies providing mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Dec. 17: Please note the emergency directive from CISA on Log4j.

Read Post

Trustwave

Read more about Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities

Press information: Crowdsource hacker first to find Zero-Day CVE-2021-43798 in Grafana

Dec 15, 2021 By Detectify In Detectify

The vulnerability, dubbed CVE-2021-43798 impacted the Grafana dashboard, which is used by companies around the world to monitor and aggregate logs and other parameters from across their local or remote networks. The privately reported bug became a leaked zero-day but was first spotted by Detectify Crowdsource hacker Jordy Versmissen on December 2, after which Grafana was notified by Detectify about the bug.

Read Post

Detectify

Read more about Press information: Crowdsource hacker first to find Zero-Day CVE-2021-43798 in Grafana

How CrowdStrike Protects Customers from Threats Delivered via Log4Shell

Dec 15, 2021 By Farid Hendi - Karan Sood - Liviu Arsene In CrowdStrike

Recent CrowdStrike Intelligence team findings regarding the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerabilities indicate wide-ranging impact. CrowdStrike helps protect customers from threats delivered via this vulnerability using both machine learning and indicators of attack (IOAs).

Read Post

CrowdStrike

Read more about How CrowdStrike Protects Customers from Threats Delivered via Log4Shell

CVE-2021-45046: New Log4j Vulnerability Discovered

Dec 15, 2021 By Gustavo Palazolo In Netskope

Shortly after the Apache Software Foundation (ASF) released the bug fix for the vulnerability known as Log4Shell or LogJam (CVE-2021-44228), a new vulnerability was discovered in Log4j Java-based logging library, tracked as CVE-2021-45046. While Log4Shell had the maximum CVSS score of 10, this new vulnerability is rated as 3.7, affecting all versions of Log4j between 2.0-beta9 and 2.12.1, as well as between 2.13.0 and 2.15.0.

Read Post

Netskope

Read more about CVE-2021-45046: New Log4j Vulnerability Discovered

58% of Orgs Are Using a Vulnerable Version of Log4j

Dec 15, 2021 By Hope Goslin In Veracode

On December 9, 2021, a zero-day vulnerability in Log4j 2.x was discovered. This vulnerability is of great concern because if it’s successfully exploited, attackers are able to perform a RCE (Remote Code Execution) attack and compromise the affected server. Since we are a cloud-based Software Composition Analysis (SCA) provider, we have useful customer data that gives insight into the scope of the Log4j vulnerability.

Read Post

Veracode

Read more about 58% of Orgs Are Using a Vulnerable Version of Log4j

Addressing Log4j2 Vulnerabilities: How Tripwire Can Help

Dec 15, 2021 By Jess Glackin In Tripwire

On December 9th 2021, Apache published a zero-day vulnerability (CVE-2021-44228) for Apache Log4j being referred to as “Log4Shell.” This vulnerability has been classified as “Critical” with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges. If you are currently working to identify instances of this vulnerability, Tripwire can help.

Read Post

Tripwire

Read more about Addressing Log4j2 Vulnerabilities: How Tripwire Can Help

Log4j Log4Shell Vulnerability: All You Need To Know

Dec 15, 2021 By JFrog In JFrog

On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java. Since then, the trivially exploitable (weaponized PoCs are available publicly) and extremely popular library has reportedly been massively exploited and has gotten wide coverage on media and social networks.

View Video

JFrog

Read more about Log4j Log4Shell Vulnerability: All You Need To Know

Detect Log4j RCE With Graylog GreyNoise

Dec 15, 2021 By Graylog In Graylog

Graylog experts Abe Abernethy and Jeff Darrington show you how to find the Log4j or Log4Shell with Graylog and integration with GreyNoise. #logmanagement #logmanagementdoneright Download Graylog Graylog on Social Media Graylog.

View Video

Graylog

Read more about Detect Log4j RCE With Graylog GreyNoise

Log4Shell in a nutshell (for non-developers & non-Java developers)

Dec 15, 2021 By Micah Silverman In Snyk

If you’re in tech at all, you’ve likely heard of the Log4Shell exploit taking over the Intertubes. If you’re not a Java developer (or developer of any sort), you may be left scratching your head as to just what’s going on. This post is split into two parts: an explanation of Log4Shell for non-developers and an overview of the Log4Shell vulnerability for non-Java developers.

Read Post