%term

Log4j Log4Shell Vulnerability: All You Need To Know

Dec 15, 2021 By JFrog In JFrog

On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java. Since then, the trivially exploitable (weaponized PoCs are available publicly) and extremely popular library has reportedly been massively exploited and has gotten wide coverage on media and social networks.

View Video

JFrog

Read more about Log4j Log4Shell Vulnerability: All You Need To Know

Kroger Uses JFrog Xray for Software Security and License Compliance

Dec 15, 2021 By JFrog In JFrog

Kroger leverages the JFrog platform to give developers visibility into their software vulnerabilities and make informed decisions on what to fix. See how Kroger has implemented secure DevOps processes with automated vulnerability scanning and open-source software (OSS) license compliance capabilities to support their development and security teams.

View Video

JFrog

Read more about Kroger Uses JFrog Xray for Software Security and License Compliance

Fireside Chat: Log4j and Injection Flaws

Dec 15, 2021 By Snyk In Snyk

Join us for a fireside chat with Micah Silverman, Snyk's Director of DevSecOps Acceleration, and Vandana Verma, Security Relations Leader at Snyk, as we answer your #Log4Shell questions: What is it and how does it affect us? How do I find and fix the #Log4J vulnerability? What can other language ecosystems learn from this? We'll also talk about the OWASP Top 10 and injection flaws.

View Video

Snyk

Read more about Fireside Chat: Log4j and Injection Flaws

Introducing Teleport Access Plane for Linux and Windows Hosts

Dec 15, 2021 By Ben Arent In Teleport

We are excited to welcome Windows hosts to the Teleport Access Plane. For the past 5 years we’ve helped refine our Access Plane for Linux hosts, providing short-lived certificate-based access, RBAC and developer-friendly access to resources. As we’ve rolled Teleport to larger organizations, we found that people wanted the same convenience and security of Teleport but for Windows hosts.

Read Post

Teleport

Read more about Introducing Teleport Access Plane for Linux and Windows Hosts

Ensure 'Store passwords using reversible encryption' is set to 'Disabled'

Dec 15, 2021 By Keren Pollack In CalCom

Password storage and encryption are an essential part of your password policy. Reversible encryption is known for being vulnerable to attacks. Therefore, it is crucial to map its usage and try to avoid it as much as possible.

Read Post

CalCom

Read more about Ensure 'Store passwords using reversible encryption' is set to 'Disabled'

Snyk gives warning: update your Apache Log4j software immediately

Dec 14, 2021 By Snyk In Snyk

Last Friday, a critical vulnerability was discovered in the popular open source software, Apache Log4j 2. Developer-first security company, Snyk, warns of the potentially large impact on companies.

Read Post

Snyk

Read more about Snyk gives warning: update your Apache Log4j software immediately

The Log4j Log4Shell vulnerability: Overview, detection, and remediation

Dec 14, 2021 By Zack Allen In Datadog

On December 9, 2021, a critical vulnerability in the popular Log4j Java logging library was disclosed and nicknamed Log4Shell. The vulnerability is tracked as CVE-2021-44228 and is a remote code execution vulnerability that can give an attacker full control of any impacted system. In this blog post, we will: We will also look at how to leverage Datadog to protect your infrastructure and applications.

Read Post

Datadog

Read more about The Log4j Log4Shell vulnerability: Overview, detection, and remediation

Build securely with Snyk and GKE Autopilot

Dec 14, 2021 By Jay Yeras In Snyk

Speak with any customer in tech and the word Kubernetes will surely find its way into the conversation at some point or another. In terms of orchestration, automating deployments, scaling, managing containerized applications to meet growing customer demand, Kubernetes provides users with extensibility and flexibility.

Read Post

Snyk

Read more about Build securely with Snyk and GKE Autopilot

Don't panic, we'll get through Log4shell together

Dec 14, 2021 By Snyk In Snyk

On December 10th, the world was greeted by the latest great cyber security threat, and the developer community globally is working tirelessly to secure their applications. Find out what the notorious Log4shell vulnerability is, how developers and organisations are being affected by it, and what exposed ecosystems are doing to mitigate the risk. Guests Brian Clark - Senior Developer Advocate at Snyk Kyle Suero - Senior Security Advocate at Snyk Chris Russell - CISO at tZERO Alyssa Miller - BISO - S&P Global Ratings

View Video

Snyk

Read more about Don't panic, we'll get through Log4shell together

How to Create a SPDX SBOM Using WhiteSource

Dec 14, 2021 By Mend In Mend

In this short video, we will demonstrate how to create an NTIA compliant Software Bill of Materials for applications that have been scanned using WhiteSource.

View Video

Mend

Read more about How to Create a SPDX SBOM Using WhiteSource

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Log4j Log4Shell Vulnerability: All You Need To Know

Kroger Uses JFrog Xray for Software Security and License Compliance

Fireside Chat: Log4j and Injection Flaws

Introducing Teleport Access Plane for Linux and Windows Hosts

Ensure 'Store passwords using reversible encryption' is set to 'Disabled'

Snyk gives warning: update your Apache Log4j software immediately

The Log4j Log4Shell vulnerability: Overview, detection, and remediation

Build securely with Snyk and GKE Autopilot

Don't panic, we'll get through Log4shell together

How to Create a SPDX SBOM Using WhiteSource

Monthly Archive

Follow Us