Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2021

veracode

A Review of Log4Shell Detection Methods

Dec 22, 2021 By The Veracode Research Team In Veracode

Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to ascertain which tools are best positioned to help detect the vulnerability. Which approaches are most effective and where do they fall short?

Read Post
Corelight

Detecting Log4j exploits via Zeek when Java downloads Java

Dec 18, 2021 By Corelight Labs Team In Corelight

We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP. Today, we will discuss a third detection method, this one focused on the second-stage download that happens after the first stage completes. In this case, the JVM will download additional Java code payloads over HTTP.

Read Post
crowdstrike

CrowdStrike APAC Named Frost & Sullivan Endpoint Security Industry Company of the Year and was also recognized as a Customers' Choice by Gartner

Dec 17, 2021 By CrowdStrike In CrowdStrike
As today's adversaries become more sophisticated, only CrowdStrike provides full, automated protection across endpoints, cloud workloads, identity and data without impacting performance and end-user productivity.
Read Post

Arctic Wolf Cloud Detection and Response

Dec 17, 2021 By Arctic Wolf In Arctic Wolf
Cloud Detection and Response protects you from key cloud threats like account and business email compromise, ransomware, suspicious resource usage, and phished credentials. Arctic Wolf's Concierge Security® Team continually reviews your cloud posture and works to harden your environment over time. The cloud has changed the way we work. Accelerate your cloud transformation and have confidence your business is secure with Arctic Wolf Cloud Detection and Response.
View Video
Corelight

Detecting Log4j via Zeek & LDAP traffic

Dec 16, 2021 By Corelight Labs Team In Corelight

We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP. Zeek does not currently have a native LDAP protocol analyzer (though one is available if you are running Spicy). This will not stop you from detecting this exploit downloading Java over LDAP, though. To see how, read on.

Read Post
Corelight

Simplifying detection of Log4Shell

Dec 14, 2021 By Corelight Labs Team In Corelight

Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the vulnerable library, the myriad ways that attackers can exploit the vulnerability, and the fact that automated exploitation has already begun, defenders should expect to be dealing with it for the foreseeable future.

Read Post

Exploiting NDR to Cultivate Decision Advantage

Dec 9, 2021 By Corelight In Corelight
As defenders, we deploy or develop a number of policies, procedures, tools and technologies to support our risk management strategy while struggling to maintain situational awareness. The regular outputs of detection and response activities rarely cross functional boundaries and result in missed opportunities to translate learnings into institutional memory. With an ever-evolving threat landscape including the transformation to a hybrid work model; the power of decision and ultimately Decision Advantage is the most valuable tool in cyber-defense. In this webcast, Bernard Brantley CISO Corelight will discuss the exploitation of data-centric NDR as the coalescence point for tactical and operational outputs and as a pathway to cultivating strategic decision advantage.
View Video

Zero Trust Architecture Solutions Forum - SANS + Corelight

Dec 9, 2021 By Corelight In Corelight
Security has always been one of the prime concerns for any growing business. In a world where technology is continually evolving, companies are constantly stumbling onto new vulnerabilities. One wrong move in the data management space and companies leave themselves vulnerable to shattering attacks. The increasingly multifaceted landscape means that more groups are turning towards a zero-trust security framework. This approach asks companies to take their security enforcement strategy to the next level and recognize that existing approaches don't offer enough defense.
View Video
Trustwave

MDR and MSS Are No Longer 'Nice to Have' For Cyber Resilience, They're Mandatory

Dec 6, 2021 By Darren Van Booven In Trustwave

In today’s evolving threat landscape, the decision of whether to bring in external talent expertise is no longer optional. During the 2021 Gartner Security and Risk Management Summit, we heard other facts and figures that aligned with the needs of our customers and of the market. At the summit, Gartner analysts noted that organizations must have partnerships with MSS/MDR providers and security consulting firms if security is to enable corporate business objectives.

Read Post
CrowdStrike

Five Questions to Ask Before Choosing Microsoft to Protect Workforce Identities

Dec 1, 2021 By CrowdStrike
You have to secure your workforce identities immediately, to protect your organization from modern attacks like ransomware and supply chain threats. Your environment could be just Microsoft Active Directory (AD), or a hybrid identity store with AD and Azure AD, and it's important to have a holistic view of the directories and a frictionless approach to securing them. If you're considering Microsoft to secure your identities and identity store (AD and Azure Active Directory), you should ask these five questions.
Get White Paper

Copyright © 2024 OpsMatters™. All rights reserved.