Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CrowdStrike

Log4j2 Vulnerability "Log4Shell" (CVE-2021-44228)

Dec 10, 2021 By CrowdStrike Intelligence Team In CrowdStrike

Apache has released version 2.16.0, which completely removes support for Message Lookups and disables JNDI by default. CrowdStrike has identified a malicious Java class file hosted on infrastructure associated with a nation-state adversary. The Java code is used to download known instances of adversary-specific tooling and is likely to be used in conjunction with the recently disclosed Log4Shell exploit (CVE-2021-44228).

Read Post
sumologic

Log4Shell CVE-2021-44228

Dec 10, 2021 By Sumo Logic In Sumo Logic
On December 10th, 2021, the National Vulnerability Database (NVD) published the CVE-2021-44228 documenting a vulnerability in the Apache log4j library Java Naming and Directory Interface (JNDI) lookup feature allowing for remote code execution by an attacker who is able to manipulate log messages. A proof of concept was released on December 9th, 2021, and active scanning and exploitation attempts have increased through the time of the publishing of this brief.
Read Post
veracode

URGENT: Analysis and Remediation Guidance to the Log4j Zero-Day RCE (CVE-2021-44228) Vulnerability

Dec 10, 2021 By The Veracode Research Team In Veracode

A previously unknown zero-day vulnerability in Log4j 2.x has been reported on December 9, 2021. If your organization deploys or uses Java applications or hardware running Log4j 2.x your organization is likely affected.

Read Post
splunk

Log Jammin'- Detecting Log4j 2 RCE Using Splunk

Dec 10, 2021 By Ryan Kovar In Splunk

Authors and Contributors: As always, security at Splunk is a family business. Credit to authors and collaborators: Ryan Kovar, Shannon Davis, Marcus LaFerrera, John Stoner, James Brodsky, Dave Herrald, Audra Streetman, Johan Bjerke, Drew Church, Mick Baccio, Lily Lee, Tamara Chacon, Ryan Becwar. If you want just to see how to find detections for the Log4j 2 RCE, skip down to the “detections” sections.

Read Post
netwrix

Oracle Java License Change: Everything You Need to Know

Dec 2, 2021 By Jeremy Moskowitz In Netwrix

The Oracle Java license change has become a hot topic amongst information technology professionals. As of January 2019, administrators who install Java 8 U 202 and later are only able to get security updates when they purchase support for each desktop. Furthermore, Java 11 and above is only available from Oracle under a commercial support agreement. The Java Oracle license change has raised concerns because support costs are expected to rise.

Read Post
Snyk

Java JSON deserialization problems with the Jackson ObjectMapper

Dec 1, 2021 By Brian Vermeer In Snyk

In a previous blog post, we took a look at Java’s custom serialization platform and what the security implications are. And more recently, I wrote about how improvements in Java 17 can help you prevent insecure deserialization. However, nowadays, people aren’t as dependent on Java’s custom serialization, opting instead to use JSON. JSON is the most widespread format for data serialization, it is human readable and not specific to Java.

Read Post

Java Security Tip: Sanitize user input

Nov 30, 2021 By Snyk In Snyk
Java Security Quick Tip: Always santize user input before you display it in your web app. Displaying user input wideout proper validation or sanitization can lead to cross-site scripting security issues. With the OWASP Encoder library, you can escape scripts and be positive that they will not be executed in the users' browser. In this video I will answer the following questions Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for Java and many other languages.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.