This is the final summary of our 2021 security hardening holiday calendar. We wanted to provide educational, useful, and actionable security advice, and we’re really pleased with the reception! Thank you for reading and following along.

If you have access to the internet, it’s likely that you have already heard of the critical vulnerability in the Log4j library. A zero-day vulnerability in the Java library Log4j, with the assigned CVE code of CVE-2021-44228, has been disclosed by Chen Zhaojun, a security researcher in the Alibaba Cloud Security team. It’s got people worried—and with good reason.

Netreo enjoyed a tremendous year, and we are all exceedingly grateful for our outstanding customers. May you, your colleagues, family and friends enjoy a healthy and happy holiday season filled with laughter, warmth and joy. We know our success is based on your success, so without further ado, let’s take a look at how our 2021 highlights will fuel a great 2022 for all our customers!

In light of the recent news about yet another reported Zero-Day Exploit and the accompanying discussions about security, let’s touch on the topic of security audits and how Enterprise Alert can be configured to avoid or at least minimize potential security impact. First, let’s establish what we mean by security audit.

Modern day software development approaches such as DevOps, have certainly reduced development time. However, tighter release deadlines push security practices to a corner. This blog explains how Shifting Security to the Left introduces security in the early stages of DevOps Lifecycle, thus fixing software bugs proactively. We have come a long way in the DevOps lifecycle, from releasing the code every month(or sometimes more than that) to every day(or every hour).

The internet has been ablaze since the announcement of Log4Shell, the nickname for CVE-2021-44228, an arbitrary remote code execution vulnerability in the Java logging utility Log4j. So far two additional vulnerabilities ( CVE 2021-45046, CVE-2021-45105) have now been identified. The code has been vulnerable since 2013 and millions of hosts and services are affected.

This post originally appeared on The New Stack and is re-published here with permission. In our technology-driven business climate, most companies have at least some, if not all, workloads on the cloud. And unlike on-premises networks, these cloud environments lack secure outer perimeters and specific off times. Cloud networks are always on and always available. While convenient, this also means hackers can access them at any time.

This december, we are posting security advice and modules, every day until December 25th. Now, it’s December 21st, and we’ve gotten through most of the security hardening holiday calendar.

While I write this blog post, I reflect on the years of being a system administrator and the task of ensuring that no sensitive data made its way past me. What a daunting task right? The idea that sensitive data can make its way through our systems and other tools and reports is terrifying! Not to mention the potential financial/contractual problems this can cause.

Researchers discovered that diagnostic artificial intelligence models used to detect cancer were fooled by cyberattacks that falsify medical images. Diagnostic artificial intelligence (AI) models hold promise in clinical research, but a new study conducted by University of Pittsburgh researchers and published in Nature Communications found that cyberattacks using falsified medical images could fool AI models.