%term

CVE-2021-45046: New Log4j Vulnerability Discovered

Dec 15, 2021 By Gustavo Palazolo In Netskope

Shortly after the Apache Software Foundation (ASF) released the bug fix for the vulnerability known as Log4Shell or LogJam (CVE-2021-44228), a new vulnerability was discovered in Log4j Java-based logging library, tracked as CVE-2021-45046. While Log4Shell had the maximum CVSS score of 10, this new vulnerability is rated as 3.7, affecting all versions of Log4j between 2.0-beta9 and 2.12.1, as well as between 2.13.0 and 2.15.0.

Read Post

Netskope

Read more about CVE-2021-45046: New Log4j Vulnerability Discovered

58% of Orgs Are Using a Vulnerable Version of Log4j

Dec 15, 2021 By Hope Goslin In Veracode

On December 9, 2021, a zero-day vulnerability in Log4j 2.x was discovered. This vulnerability is of great concern because if it’s successfully exploited, attackers are able to perform a RCE (Remote Code Execution) attack and compromise the affected server. Since we are a cloud-based Software Composition Analysis (SCA) provider, we have useful customer data that gives insight into the scope of the Log4j vulnerability.

Read Post

Veracode

Read more about 58% of Orgs Are Using a Vulnerable Version of Log4j

Addressing Log4j2 Vulnerabilities: How Tripwire Can Help

Dec 15, 2021 By Jess Glackin In Tripwire

On December 9th 2021, Apache published a zero-day vulnerability (CVE-2021-44228) for Apache Log4j being referred to as “Log4Shell.” This vulnerability has been classified as “Critical” with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges. If you are currently working to identify instances of this vulnerability, Tripwire can help.

Read Post

Tripwire

Read more about Addressing Log4j2 Vulnerabilities: How Tripwire Can Help

Log4j Log4Shell Vulnerability: All You Need To Know

Dec 15, 2021 By JFrog In JFrog

On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java. Since then, the trivially exploitable (weaponized PoCs are available publicly) and extremely popular library has reportedly been massively exploited and has gotten wide coverage on media and social networks.

View Video

JFrog

Read more about Log4j Log4Shell Vulnerability: All You Need To Know

Snyk gives warning: update your Apache Log4j software immediately

Dec 14, 2021 By Snyk In Snyk

Last Friday, a critical vulnerability was discovered in the popular open source software, Apache Log4j 2. Developer-first security company, Snyk, warns of the potentially large impact on companies.

Read Post

Snyk

Read more about Snyk gives warning: update your Apache Log4j software immediately

The Log4j Log4Shell vulnerability: Overview, detection, and remediation

Dec 14, 2021 By Zack Allen In Datadog

On December 9, 2021, a critical vulnerability in the popular Log4j Java logging library was disclosed and nicknamed Log4Shell. The vulnerability is tracked as CVE-2021-44228 and is a remote code execution vulnerability that can give an attacker full control of any impacted system. In this blog post, we will: We will also look at how to leverage Datadog to protect your infrastructure and applications.

Read Post

Datadog

Read more about The Log4j Log4Shell vulnerability: Overview, detection, and remediation

Don't panic, we'll get through Log4shell together

Dec 14, 2021 By Snyk In Snyk

On December 10th, the world was greeted by the latest great cyber security threat, and the developer community globally is working tirelessly to secure their applications. Find out what the notorious Log4shell vulnerability is, how developers and organisations are being affected by it, and what exposed ecosystems are doing to mitigate the risk. Guests Brian Clark - Senior Developer Advocate at Snyk Kyle Suero - Senior Security Advocate at Snyk Chris Russell - CISO at tZERO Alyssa Miller - BISO - S&P Global Ratings

View Video

Snyk

Read more about Don't panic, we'll get through Log4shell together

Simplifying detection of Log4Shell

Dec 14, 2021 By Corelight Labs Team In Corelight

Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the vulnerable library, the myriad ways that attackers can exploit the vulnerability, and the fact that automated exploitation has already begun, defenders should expect to be dealing with it for the foreseeable future.

Read Post

Corelight

Read more about Simplifying detection of Log4Shell

Product demo - Risk based vulnerability management Farsight

Dec 14, 2021 By Outpost 24 In Outpost 24

The sheer volume of vulnerabilities security professionals have to deal with everyday poses a significant challenge to resource and time to patch. Learn how to narrow down high risk CVEs by focusing on exploit availability and threat context beyond CVSS.

View Video

Outpost 24

Read more about Product demo - Risk based vulnerability management Farsight

Find and fix the Log4Shell exploit fast with Snyk

Dec 13, 2021 By Ariel Ornstein In Snyk

Even if you tried VERY hard to enjoy a quiet weekend, chances are that this plan was interrupted at least once by the new Log4Shell zero-day vulnerability that was disclosed on Friday (December 10, 2021). The new vulnerability was found in the open source Java library log4j-core which is a component of one of the most popular Java logging frameworks, Log4J.

Read Post