Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Java

Log4Shell: What You Need to Know About the Log4j Vulnerability

Dec 15, 2021 By Snyk In Snyk
A new critical vulnerability, Log4Shell, was publicly disclosed on December 10th and is making global headlines. It impacts a wide amount of applications on the internet, allowing attackers to remotely execute code within vulnerable applications worldwide. In this webinar recording, Snyk technical experts provide an in-depth technical review of the Log4Shell vulnerability, what caused it, how it can be exploited, and most importantly, how it can be mitigated through upgrades, or defended against in WAF configurations and more. We cover.
View Video

Fireside Chat: Log4j and Injection Flaws

Dec 15, 2021 By Snyk In Snyk
Join us for a fireside chat with Micah Silverman, Snyk's Director of DevSecOps Acceleration, and Vandana Verma, Security Relations Leader at Snyk, as we answer your #Log4Shell questions: What is it and how does it affect us? How do I find and fix the #Log4J vulnerability? What can other language ecosystems learn from this? We'll also talk about the OWASP Top 10 and injection flaws.
View Video
CrowdStrike

How CrowdStrike Protects Customers from Threats Delivered via Log4Shell

Dec 15, 2021 By Farid Hendi - Karan Sood - Liviu Arsene In CrowdStrike

Recent CrowdStrike Intelligence team findings regarding the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerabilities indicate wide-ranging impact. CrowdStrike helps protect customers from threats delivered via this vulnerability using both machine learning and indicators of attack (IOAs).

Read Post
netskope

CVE-2021-45046: New Log4j Vulnerability Discovered

Dec 15, 2021 By Gustavo Palazolo In Netskope

Shortly after the Apache Software Foundation (ASF) released the bug fix for the vulnerability known as Log4Shell or LogJam (CVE-2021-44228), a new vulnerability was discovered in Log4j Java-based logging library, tracked as CVE-2021-45046. While Log4Shell had the maximum CVSS score of 10, this new vulnerability is rated as 3.7, affecting all versions of Log4j between 2.0-beta9 and 2.12.1, as well as between 2.13.0 and 2.15.0.

Read Post
veracode

58% of Orgs Are Using a Vulnerable Version of Log4j

Dec 15, 2021 By Hope Goslin In Veracode

On December 9, 2021, a zero-day vulnerability in Log4j 2.x was discovered. This vulnerability is of great concern because if it’s successfully exploited, attackers are able to perform a RCE (Remote Code Execution) attack and compromise the affected server. Since we are a cloud-based Software Composition Analysis (SCA) provider, we have useful customer data that gives insight into the scope of the Log4j vulnerability.

Read Post
tripwire

Addressing Log4j2 Vulnerabilities: How Tripwire Can Help

Dec 15, 2021 By Jess Glackin In Tripwire

On December 9th 2021, Apache published a zero-day vulnerability (CVE-2021-44228) for Apache Log4j being referred to as “Log4Shell.” This vulnerability has been classified as “Critical” with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges. If you are currently working to identify instances of this vulnerability, Tripwire can help.

Read Post
synopsys

Detecting Log4j (Log4Shell): Mitigating the impact on your organization

Dec 15, 2021 By Michael White In Synopsys
At midnight last Thursday, we experienced one of the most notable infosec events in years. A new zero-day exploit in a popular logging package for Java, Log4j, was discovered. The exact origin and timeline are still being investigated, but it’s important to note that this was not just a vulnerability announcement. The information disclosed was rapidly followed by fully functional exploit code—and the exploit itself turned out to be trivial to execute.
Read Post

Log4j Log4Shell Vulnerability: All You Need To Know

Dec 15, 2021 By JFrog In JFrog
On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java. Since then, the trivially exploitable (weaponized PoCs are available publicly) and extremely popular library has reportedly been massively exploited and has gotten wide coverage on media and social networks.
View Video
Snyk

Log4Shell in a nutshell (for non-developers & non-Java developers)

Dec 15, 2021 By Micah Silverman In Snyk

If you’re in tech at all, you’ve likely heard of the Log4Shell exploit taking over the Intertubes. If you’re not a Java developer (or developer of any sort), you may be left scratching your head as to just what’s going on. This post is split into two parts: an explanation of Log4Shell for non-developers and an overview of the Log4Shell vulnerability for non-Java developers.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.