Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

veracode

A Review of Log4Shell Detection Methods

Dec 22, 2021 By The Veracode Research Team In Veracode

Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to ascertain which tools are best positioned to help detect the vulnerability. Which approaches are most effective and where do they fall short?

Read Post
Corelight

Detecting Log4j exploits via Zeek when Java downloads Java

Dec 18, 2021 By Corelight Labs Team In Corelight

We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP. Today, we will discuss a third detection method, this one focused on the second-stage download that happens after the first stage completes. In this case, the JVM will download additional Java code payloads over HTTP.

Read Post
crowdstrike

CrowdStrike APAC Named Frost & Sullivan Endpoint Security Industry Company of the Year and was also recognized as a Customers' Choice by Gartner

Dec 17, 2021 By CrowdStrike In CrowdStrike
As today's adversaries become more sophisticated, only CrowdStrike provides full, automated protection across endpoints, cloud workloads, identity and data without impacting performance and end-user productivity.
Read Post
Corelight

Detecting Log4j via Zeek & LDAP traffic

Dec 16, 2021 By Corelight Labs Team In Corelight

We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP. Zeek does not currently have a native LDAP protocol analyzer (though one is available if you are running Spicy). This will not stop you from detecting this exploit downloading Java over LDAP, though. To see how, read on.

Read Post
Corelight

Simplifying detection of Log4Shell

Dec 14, 2021 By Corelight Labs Team In Corelight

Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the vulnerable library, the myriad ways that attackers can exploit the vulnerability, and the fact that automated exploitation has already begun, defenders should expect to be dealing with it for the foreseeable future.

Read Post
Trustwave

MDR and MSS Are No Longer 'Nice to Have' For Cyber Resilience, They're Mandatory

Dec 6, 2021 By Darren Van Booven In Trustwave

In today’s evolving threat landscape, the decision of whether to bring in external talent expertise is no longer optional. During the 2021 Gartner Security and Risk Management Summit, we heard other facts and figures that aligned with the needs of our customers and of the market. At the summit, Gartner analysts noted that organizations must have partnerships with MSS/MDR providers and security consulting firms if security is to enable corporate business objectives.

Read Post
Corelight

Situational awareness for CISA FECB playbooks

Nov 30, 2021 By Jean Schaffer In Corelight

CISA recently released a set of playbooks for the Federal Civilian Executive Branch (FCEB) to provide improved cybersecurity incident response (IR) and vulnerability response. As was demonstrated by the SolarWinds SUNBURST attack in December 2020, coordination and reporting across the FCEB continues to be a challenge. Adding to this challenge is the situation where agencies have differing playbooks on how to handle confirmed malicious cyber activity where a major incident has been identified.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.