Security

Log4Shell Is the Most Dangerous Exploit Since Shellshock

Dec 10, 2021 By SecurityScorecard In SecurityScorecard

Earlier today, a serious flaw was discovered in the widely used Java logging library Apache Log4j. The vulnerability, ‘Log4Shell,’ was first identified by users of a popular Minecraft forum and was apparently disclosed to the Apache Foundation by Alibaba Cloud security researchers on Nov. 24, 2021. The vulnerability has the potential to allow unauthenticated remote code execution (RCE) on nearly any machine using Log4j.

Read Post

SecurityScorecard

Read more about Log4Shell Is the Most Dangerous Exploit Since Shellshock

CVE-2021-44228 - Log4j zero day vulnerability, detection and Log4shell fix

Dec 10, 2021 By Harman Singh In Cyphere

Log4j zero-day vulnerability is flooding the security updates/news everywhere. This issue has been named Log4shell and assigned CVE-2021-44228 (still awaiting analysis at the time of writing).

Read Post

Cyphere

Read more about CVE-2021-44228 - Log4j zero day vulnerability, detection and Log4shell fix

Log4j2 Vulnerability "Log4Shell" (CVE-2021-44228)

Dec 10, 2021 By CrowdStrike Intelligence Team In CrowdStrike

Apache has released version 2.16.0, which completely removes support for Message Lookups and disables JNDI by default. CrowdStrike has identified a malicious Java class file hosted on infrastructure associated with a nation-state adversary. The Java code is used to download known instances of adversary-specific tooling and is likely to be used in conjunction with the recently disclosed Log4Shell exploit (CVE-2021-44228).

Read Post

CrowdStrike

Read more about Log4j2 Vulnerability "Log4Shell" (CVE-2021-44228)

Weekly Cyber Security News 10/12/2021

Dec 10, 2021 By Kevin In ionCube24

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Earlier this week I saw quite a few posts on Twitter mentioning AWS outages. Certainly caused a few issues.

Read Post

ionCube24

Read more about Weekly Cyber Security News 10/12/2021

How Human Resources Practitioners Use Egnyte

Dec 10, 2021 By Egnyte In Egnyte

Director of Global HR Operations, Dee DeWinter, showcases how she utilizes Egnyte to make her job easy, simple, and secure. In this video, she shares how to create and manage workflows, share securely through DocuSign, and set folder permissions within a demo environment. Whether your preference is Microsoft or Google products, you can easily create assets within Egnyte, edit as needed, and benefit from autosave features that make changes immediately available for everyone with access to the file or folder.

View Video

Egnyte

Read more about How Human Resources Practitioners Use Egnyte

Ain't No Mountain High Enough: Achieving Zero Trust For A Mobile Workforce With Art Ashmann (VMware)

Dec 10, 2021 By Lookout In Lookout

Widespread remote work has called for a paradigm shift in how we conduct enterprise cybersecurity. On this week’s Endpoint Enigma, VMware Staff EUC Solutions Engineer, Art Ashmann joins Hank Schless to discuss how mobile and cloud technology have enabled us to manage both work and personal responsibilities from anywhere and what organizations can do to securely take advantage of it.

View Video

Lookout

Read more about Ain't No Mountain High Enough: Achieving Zero Trust For A Mobile Workforce With Art Ashmann (VMware)

Microlesson: Cloud SIEM Entities

Dec 10, 2021 By Sumo Logic In Sumo Logic

Learn what Cloud SIEM Entities are and how they're used to generate Insights.

View Video

Sumo Logic

Read more about Microlesson: Cloud SIEM Entities

Log4Shell CVE-2021-44228

Dec 10, 2021 By Sumo Logic In Sumo Logic

On December 10th, 2021, the National Vulnerability Database (NVD) published the CVE-2021-44228 documenting a vulnerability in the Apache log4j library Java Naming and Directory Interface (JNDI) lookup feature allowing for remote code execution by an attacker who is able to manipulate log messages. A proof of concept was released on December 9th, 2021, and active scanning and exploitation attempts have increased through the time of the publishing of this brief.

Read Post

Sumo Logic

Read more about Log4Shell CVE-2021-44228

SECURITY NOTICE: Log4j.2.x NEWS

Dec 10, 2021 By Veracode In Veracode

Is the Log4j Zero-Day RCE (CVE-2021-44228) vulnerability affecting you? Check out this quick chat with Chris Wysopal and Giuseppe Trovato to learn more about this new #vulnerability and what it could mean for you.

View Video

Veracode

Read more about SECURITY NOTICE: Log4j.2.x NEWS

Rubrik Data Security Spotlight 2021 Recap

Dec 10, 2021 By Rubrik In Rubrik

Learn to better prepare for and respond to ransomware attacks with the latest innovations in Zero Trust Data Security™. Hear as security and IT industry experts share their strategies and best practices to keep business data secure and readily available during cyberattacks and operational failures.

View Video

Rubrik

Read more about Rubrik Data Security Spotlight 2021 Recap

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Log4Shell Is the Most Dangerous Exploit Since Shellshock

CVE-2021-44228 - Log4j zero day vulnerability, detection and Log4shell fix

Log4j2 Vulnerability "Log4Shell" (CVE-2021-44228)

Weekly Cyber Security News 10/12/2021

How Human Resources Practitioners Use Egnyte

Ain't No Mountain High Enough: Achieving Zero Trust For A Mobile Workforce With Art Ashmann (VMware)

Microlesson: Cloud SIEM Entities

Log4Shell CVE-2021-44228

SECURITY NOTICE: Log4j.2.x NEWS

Rubrik Data Security Spotlight 2021 Recap

Monthly Archive

Follow Us