%term

Sideloading: "a cybercriminal's best friend"

Dec 16, 2021 By Mikesh Nagar In Redscan

Sideloading is the installation of software from a third party rather than an approved source, for example applications that are not available from official vendors or app stores. This hack is creating yet another valuable opportunity for cybercriminals.

Read Post

Redscan

Read more about Sideloading: "a cybercriminal's best friend"

Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)

Dec 16, 2021 By Sysdig In Sysdig

A new critical vulnerability has been found in log4j, a widely-used open-source utility used to generate logs inside java applications. The vulnerability CVE-2021-44228, also known as Log4Shell, permits a Remote Code Execution (RCE) allowing the attackers to execute arbitrary code on the host. The log4j utility is popular and used by a huge number of applications and companies, including the famous game Minecraft. It is also used in various Apache frameworks like Struts2, Kafka, Druid, Flink, and many commercial products.

View Video

Sysdig

Read more about Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)

Discovering Log4j in Protected Systems Using Rubrik APIs

Dec 16, 2021 By Jacob Robinson In Rubrik

Rubrik customers have an advantage when it comes to mitigating the log4j crisis. Utilizing our API-first architecture, Rubrik customers can make a single API call to find instances of log4j across their protected systems.

Read Post

Rubrik

Read more about Discovering Log4j in Protected Systems Using Rubrik APIs

Understanding the Log4j Log4Shell Vulnerability

Dec 16, 2021 By Arctic Wolf In Arctic Wolf

A zero-day threat is creating waves through the cybersecurity industry more than any other in years. On Thursday, December 9, security researchers published a proof-of-concept exploit code for CVE-2021-44228, a remote code execution vulnerability in Log4j, a Java logging library used in a significant number of internet applications. In the week since its discovery businesses worldwide are frantically trying to identify and mitigate the exploit, while security pros and experts are desperately attempting to release patches and guide organizations as new information becomes known.

View Video

Arctic Wolf

Read more about Understanding the Log4j Log4Shell Vulnerability

Security in context: When is a CVE not a CVE?

Dec 16, 2021 By Matt Jarvis, Asaf Biton In Snyk

At Snyk we have some general points of principle that we use to help guide our security thinking and decision making. Firstly, it is always important to understand from whom we are protecting, as it has implications for how we need to act. As an example of this, if our artefact is a web server, then we need to protect it against untrusted users. Whilst if our artefact is encryption software, then we clearly need to protect it even from users with physical access to the system.

Read Post

Snyk

Read more about Security in context: When is a CVE not a CVE?

Log4j Vulnerability CVE-2021-45046 Explained

Dec 16, 2021 By Hagai Wechsler In Mend

As security and development teams rushed to assess the now-notorious Log4Shell vulnerability published December 10 (CVE-2021-44228), another, more minor vulnerability was discovered in Log4j — CVE-2021-45046. To understand the newly-discovered vulnerability, it is important to get the full picture and background on the original Log4j issue.

Read Post

Mend

Read more about Log4j Vulnerability CVE-2021-45046 Explained

Log4Shell: What You Need to Know About the Log4j Vulnerability (APJ)

Dec 16, 2021 By Snyk In Snyk

A new critical vulnerability, Log4Shell, was publicly disclosed on December 10th and is making global headlines. It impacts a wide amount of applications on the internet, allowing attackers to remotely execute code within vulnerable applications worldwide. In this webinar recording, Snyk technical experts provide an in-depth technical review of the Log4Shell vulnerability, what caused it, how it can be exploited, and most importantly, how it can be mitigated through upgrades, or defended against in WAF configurations and more.

View Video

Snyk

Read more about Log4Shell: What You Need to Know About the Log4j Vulnerability (APJ)

Fireside Chat: Log4j and Injection Flaws

Dec 15, 2021 By Snyk In Snyk

Join us for a fireside chat with Micah Silverman, Snyk's Director of DevSecOps Acceleration, and Vandana Verma, Security Relations Leader at Snyk, as we answer your #Log4Shell questions: What is it and how does it affect us? How do I find and fix the #Log4J vulnerability? What can other language ecosystems learn from this? We'll also talk about the OWASP Top 10 and injection flaws.

View Video

Snyk

Read more about Fireside Chat: Log4j and Injection Flaws

Press information: Crowdsource hacker first to find Zero-Day CVE-2021-43798 in Grafana

Dec 15, 2021 By Detectify In Detectify

The vulnerability, dubbed CVE-2021-43798 impacted the Grafana dashboard, which is used by companies around the world to monitor and aggregate logs and other parameters from across their local or remote networks. The privately reported bug became a leaked zero-day but was first spotted by Detectify Crowdsource hacker Jordy Versmissen on December 2, after which Grafana was notified by Detectify about the bug.

Read Post

Detectify

Read more about Press information: Crowdsource hacker first to find Zero-Day CVE-2021-43798 in Grafana

How CrowdStrike Protects Customers from Threats Delivered via Log4Shell

Dec 15, 2021 By Farid Hendi - Karan Sood - Liviu Arsene In CrowdStrike

Recent CrowdStrike Intelligence team findings regarding the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerabilities indicate wide-ranging impact. CrowdStrike helps protect customers from threats delivered via this vulnerability using both machine learning and indicators of attack (IOAs).

Read Post