For more information on how to respond to the Log4j vulnerabilities using Splunk products, please see our Log4Shell response overview page. Like most cybersecurity teams, the Splunk Threat Research Team (STRT) has been heads-down attempting to understand, simulate, and detect the Log4j attack vector. This post shares detection opportunities STRT found in different stages of successful Log4Shell exploitation.
A critical vulnerability has been recently discovered in the Apache Log4j Java logging library (CVE-2021-44228), a library used in many client and server applications. The Log4j library is commonly included in Java based software including multiple Apache frameworks such as Struts2, Solr, Druid and Fink. The library provides enhanced logging functionality for Java applications and is commonly used in business system development.
Ransomware and cybercrime have had a major presence in the media this past year with some very prominent attacks happening in 2021 making headlines as well as government-issued executive orders emphasizing the need for stronger cybersecurity. This has resulted in many organizations taking action to bolster their security efforts which can make it difficult for cyber criminals to successfully conduct their attacks.
Amazon Web Services (AWS) provides a large suite of security tools to protect workloads, data, and applications running on AWS cloud infrastructure. Among the 25 AWS-native security solutions, it’s challenging to figure out exactly what your organization needs and why. This article helps simplify your decision by overviewing the top 12 security tools and services offered by Amazon and their uses.
Amazon Web Services (AWS) provides a large suite of security tools to protect workloads, data, and applications running on AWS cloud infrastructure. Among the 25 AWS-native security solutions, it’s challenging to figure out exactly what your organization needs and why. This article helps simplify your decision by overviewing the top 12 security tools and services offered by Amazon and their uses.
Open Policy Agent (OPA) allows developers to accelerate time to market and focus on their differentiated work, instead of spending their time figuring out how they are going to write bespoke authorization policies. With OPA handling authorization decisions across the stack, each service, app or platform API just has to handle enforcement of OPA decisions.
Holiday shopping is right around the corner, but unfortunately, Black Friday isn’t just an opportunity for shoppers and retailers — it’s also an opportunity for cybercriminals. While criminals have always been attracted by the money that changes hands on Black Friday, the last couple of years have been a magnet for cyber attacks. The pandemic means that more people than ever shopped online in 2020 — with shoppers spending $14.13 billion online last year on Black Friday.
We know that keeping up with cybersecurity news can be a challenge. The threat landscape continuously evolves, and defenders must stay apprised of the latest innovations and best practices to better protect their organizations. So, throughout the year, ThreatQuotient publishes a steady stream of blogs with insights to help you optimize your security operations and accelerate detection and response.
