%term

Log4j Log4Shell Vulnerability: All You Need To Know

Dec 15, 2021 By JFrog In JFrog

On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java. Since then, the trivially exploitable (weaponized PoCs are available publicly) and extremely popular library has reportedly been massively exploited and has gotten wide coverage on media and social networks.

View Video

JFrog

Read more about Log4j Log4Shell Vulnerability: All You Need To Know

Detect Log4j RCE With Graylog GreyNoise

Dec 15, 2021 By Graylog In Graylog

Graylog experts Abe Abernethy and Jeff Darrington show you how to find the Log4j or Log4Shell with Graylog and integration with GreyNoise. #logmanagement #logmanagementdoneright Download Graylog Graylog on Social Media Graylog.

View Video

Graylog

Read more about Detect Log4j RCE With Graylog GreyNoise

Snyk gives warning: update your Apache Log4j software immediately

Dec 14, 2021 By Snyk In Snyk

Last Friday, a critical vulnerability was discovered in the popular open source software, Apache Log4j 2. Developer-first security company, Snyk, warns of the potentially large impact on companies.

Read Post

Snyk

Read more about Snyk gives warning: update your Apache Log4j software immediately

The Log4j Log4Shell vulnerability: Overview, detection, and remediation

Dec 14, 2021 By Zack Allen In Datadog

On December 9, 2021, a critical vulnerability in the popular Log4j Java logging library was disclosed and nicknamed Log4Shell. The vulnerability is tracked as CVE-2021-44228 and is a remote code execution vulnerability that can give an attacker full control of any impacted system. In this blog post, we will: We will also look at how to leverage Datadog to protect your infrastructure and applications.

Read Post

Datadog

Read more about The Log4j Log4Shell vulnerability: Overview, detection, and remediation

Don't panic, we'll get through Log4shell together

Dec 14, 2021 By Snyk In Snyk

On December 10th, the world was greeted by the latest great cyber security threat, and the developer community globally is working tirelessly to secure their applications. Find out what the notorious Log4shell vulnerability is, how developers and organisations are being affected by it, and what exposed ecosystems are doing to mitigate the risk. Guests Brian Clark - Senior Developer Advocate at Snyk Kyle Suero - Senior Security Advocate at Snyk Chris Russell - CISO at tZERO Alyssa Miller - BISO - S&P Global Ratings

View Video

Snyk

Read more about Don't panic, we'll get through Log4shell together

Simplifying detection of Log4Shell

Dec 14, 2021 By Corelight Labs Team In Corelight

Security workers across the world have been busy since last Friday dealing with CVE-2021-44228, the log4j 0-day known as Log4Shell, that is already being heavily exploited across the Internet. Given the huge number of systems that embed the vulnerable library, the myriad ways that attackers can exploit the vulnerability, and the fact that automated exploitation has already begun, defenders should expect to be dealing with it for the foreseeable future.

Read Post

Corelight

Read more about Simplifying detection of Log4Shell

Product demo - Risk based vulnerability management Farsight

Dec 14, 2021 By Outpost 24 In Outpost 24

The sheer volume of vulnerabilities security professionals have to deal with everyday poses a significant challenge to resource and time to patch. Learn how to narrow down high risk CVEs by focusing on exploit availability and threat context beyond CVSS.

View Video

Outpost 24

Read more about Product demo - Risk based vulnerability management Farsight

Find and fix the Log4Shell exploit fast with Snyk

Dec 13, 2021 By Ariel Ornstein In Snyk

Even if you tried VERY hard to enjoy a quiet weekend, chances are that this plan was interrupted at least once by the new Log4Shell zero-day vulnerability that was disclosed on Friday (December 10, 2021). The new vulnerability was found in the open source Java library log4j-core which is a component of one of the most popular Java logging frameworks, Log4J.

Read Post

Snyk

Read more about Find and fix the Log4Shell exploit fast with Snyk

Important Updates on Critical Log4j/Log4Shell Vulnerabilities

Dec 13, 2021 By Mark Manglicmot In Arctic Wolf

On Thursday, December 9, security researchers published a proof-of-concept exploit code for CVE-2021-44228, a remote code execution vulnerability in Log4j, a Java logging library used in a significant number of internet applications. Also known as Log4Shell, the situation is significant and continues to evolve, and the Cybersecurity and Infrastructure Security Agency is recommending immediate action.

Read Post

Arctic Wolf

Read more about Important Updates on Critical Log4j/Log4Shell Vulnerabilities

Mitigating log4j with Runtime-based Kubernetes Network Policies

Dec 13, 2021 By Alberto Pellitteri In Sysdig

A critical vulnerability, CVE-2021-44228 known as “log4shell,” in Apache’s log4j was revealed on December 10th, 2021, and has already seen wide exploitation around the Internet. Previously, we discussed the vulnerability and how to find it in your images using Sysdig Scanning reports. In a perfect world, patching would be quick, easy, and completed without any issues.

Read Post