We know that keeping up with cybersecurity news can be a challenge. The threat landscape continuously evolves, and defenders must stay apprised of the latest innovations and best practices to better protect their organizations. So, throughout the year, ThreatQuotient publishes a steady stream of blogs with insights to help you optimize your security operations and accelerate detection and response.
We’re fortunate to have a depth and breadth of cybersecurity expertise here at ThreatQuotient, and through our partner network. And we take great pride in sharing that expertise with you in the form of high-quality, informative webinars throughout the year. In 2021, we covered a lot of important topics and wanted to make sure you didn’t miss our top five webinars for the year. Scan the overviews below and click on the links to watch those that capture your attention.
Log4Shell is a high severity vulnerability (CVE-2021-44228) impacting Apache Log4j versions 2.0 to 2.14.1. It was discovered by Chen Zhaojun of Alibaba Cloud Security Team and disclosed via the project´s GitHub repository on December 9, 2021.
At Snyk we have some general points of principle that we use to help guide our security thinking and decision making. Firstly, it is always important to understand from whom we are protecting, as it has implications for how we need to act. As an example of this, if our artefact is a web server, then we need to protect it against untrusted users. Whilst if our artefact is encryption software, then we clearly need to protect it even from users with physical access to the system.
As security and development teams rushed to assess the now-notorious Log4Shell vulnerability published December 10 (CVE-2021-44228), another, more minor vulnerability was discovered in Log4j — CVE-2021-45046. To understand the newly-discovered vulnerability, it is important to get the full picture and background on the original Log4j issue.
