The onslaught of the COVID-19 pandemic brought about many changes and disruptions in cybersecurity. Organizations globally shifted to remote work scenarios to enable their employees to work from the comfort of their homes. Since this was a sudden decision, many organizations lacked resources to ensure security while users were operating from locations across the world. These redefined security perimeters provided leeway for bad actors to perform cyberattacks.

Even if you tried VERY hard to enjoy a quiet weekend, chances are that this plan was interrupted at least once by the new Log4Shell zero-day vulnerability that was disclosed on Friday (December 10, 2021). The new vulnerability was found in the open source Java library log4j-core which is a component of one of the most popular Java logging frameworks, Log4J.

Styra Declarative Authorization Service (DAS), both SaaS and self-hosted, as well as Open Policy Agent (OPA), are not affected by the Log4j security vulnerability. The newest Apache Log4j Java-based logging utility vulnerability (CVE-2021-44228) was disclosed to Apache by Alibaba's Cloud Security Team on November, 24 2021 by Chen Zhaojun and published on December, 9 2021.

Cybercriminals are continuously finding new ways to steal sensitive information. Having robust network security measures in place is now more important than ever — and network authentication is part of the solution. There are various authentication technologies available that can add an extra layer of protection to prevent security lapses, and each one offers a unique solution. This post will highlight the most common methods for network authentication and answer the following questions.

On Thursday, December 9, security researchers published a proof-of-concept exploit code for CVE-2021-44228, a remote code execution vulnerability in Log4j, a Java logging library used in a significant number of internet applications. Also known as Log4Shell, the situation is significant and continues to evolve, and the Cybersecurity and Infrastructure Security Agency is recommending immediate action.

A critical vulnerability, CVE-2021-44228 known as “log4shell,” in Apache’s log4j was revealed on December 10th, 2021, and has already seen wide exploitation around the Internet. Previously, we discussed the vulnerability and how to find it in your images using Sysdig Scanning reports. In a perfect world, patching would be quick, easy, and completed without any issues.

By now, you already know of — and are probably in the midst of remediating — the vulnerability that has come to be known as Log4Shell and identified as CVE-2021-44228. This is the vulnerability which security researchers disclosed on Friday (10 December 2021) for Apache’s Log4j logging framework. In this article, we’ll explore a few key Log4j facts as well as actions you can take to protect yourself and your company.

COVID-19 made moving agency employees and services off-premises essential. This move, however, has also sparked one of the biggest waves of cybercrime the internet has ever seen. Ransomware attacks have been particularly effective against government agencies and critical infrastructure.

CVE-2021-44228 (Log4Shell or LogJam) is a recently discovered zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library. It was reported by the Alibaba Cloud Security team as an unauthenticated RCE vulnerability in Log4j 2.0-beta9 up to 2.14.1 and could allow a complete system takeover on vulnerable systems. The bug has received the maximum CVSS score of 10, reflecting its importance and ease of exploitation.