Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Java

datadog

The Log4j Log4Shell vulnerability: Overview, detection, and remediation

Dec 14, 2021 By Zack Allen In Datadog

On December 9, 2021, a critical vulnerability in the popular Log4j Java logging library was disclosed and nicknamed Log4Shell. The vulnerability is tracked as CVE-2021-44228 and is a remote code execution vulnerability that can give an attacker full control of any impacted system. In this blog post, we will: We will also look at how to leverage Datadog to protect your infrastructure and applications.

Read Post

Don't panic, we'll get through Log4shell together

Dec 14, 2021 By Snyk In Snyk
On December 10th, the world was greeted by the latest great cyber security threat, and the developer community globally is working tirelessly to secure their applications. Find out what the notorious Log4shell vulnerability is, how developers and organisations are being affected by it, and what exposed ecosystems are doing to mitigate the risk. Guests Brian Clark - Senior Developer Advocate at Snyk Kyle Suero - Senior Security Advocate at Snyk Chris Russell - CISO at tZERO Alyssa Miller - BISO - S&P Global Ratings
View Video
Corelight

Simplifying detection of Log4Shell

Dec 14, 2021 By Corelight Labs Team In Corelight

Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the vulnerable library, the myriad ways that attackers can exploit the vulnerability, and the fact that automated exploitation has already begun, defenders should expect to be dealing with it for the foreseeable future.

Read Post
Snyk

Find and fix the Log4Shell exploit fast with Snyk

Dec 13, 2021 By Ariel Ornstein In Snyk

Even if you tried VERY hard to enjoy a quiet weekend, chances are that this plan was interrupted at least once by the new Log4Shell zero-day vulnerability that was disclosed on Friday (December 10, 2021). The new vulnerability was found in the open source Java library log4j-core which is a component of one of the most popular Java logging frameworks, Log4J.

Read Post
styra

Newest Log4j Security Vulnerability - CVE-2021-44228 - Log4Shell

Dec 13, 2021 By Corin Imai In Styra

Styra Declarative Authorization Service (DAS), both SaaS and self-hosted, as well as Open Policy Agent (OPA), are not affected by the Log4j security vulnerability. The newest Apache Log4j Java-based logging utility vulnerability (CVE-2021-44228) was disclosed to Apache by Alibaba's Cloud Security Team on November, 24 2021 by Chen Zhaojun and published on December, 9 2021.

Read Post
Arctic Wolf

Important Updates on Critical Log4j/Log4Shell Vulnerabilities

Dec 13, 2021 By Mark Manglicmot In Arctic Wolf
On Thursday, December 9, security researchers published a proof-of-concept exploit code for CVE-2021-44228, a remote code execution vulnerability in Log4j, a Java logging library used in a significant number of internet applications. Also known as Log4Shell, the situation is significant and continues to evolve, and the Cybersecurity and Infrastructure Security Agency is recommending immediate action.
Read Post
sysdig

Mitigating log4j with Runtime-based Kubernetes Network Policies

Dec 13, 2021 By Alberto Pellitteri In Sysdig

A critical vulnerability, CVE-2021-44228 known as “log4shell,” in Apache’s log4j was revealed on December 10th, 2021, and has already seen wide exploitation around the Internet. Previously, we discussed the vulnerability and how to find it in your images using Sysdig Scanning reports. In a perfect world, patching would be quick, easy, and completed without any issues.

Read Post
Snyk

The Log4j vulnerability and its impact on software supply chain security

Dec 13, 2021 By Liran Tal In Snyk

By now, you already know of — and are probably in the midst of remediating — the vulnerability that has come to be known as Log4Shell and identified as CVE-2021-44228. This is the vulnerability which security researchers disclosed on Friday (10 December 2021) for Apache’s Log4j logging framework. In this article, we’ll explore a few key Log4j facts as well as actions you can take to protect yourself and your company.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.