When the Nobel Prize for physics was announced in October 2021, one of the winners was Italian theoretical physicist Giorgio Parisi, whose groundbreaking research helped decode complex physical systems, opening the door for breakthroughs in mathematics, science, and artificial intelligence. Decoding complex physical systems? If the science thing didn’t work out, Parisi could have pursued a career in security operations.

With news breaking re: Log4Shell (CVE-2021-44228) and exploitation attempts becoming widespread, MSPs and IT teams have been working nonstop to scope their exposure, scan for potential IoCs, apply mitigations, and patch.

Not all data is destined to be public. Moving workloads that handle secret or private data from an on-premise setup to a public cloud introduces a new attack surface with different risks. As the public cloud environment shares its hardware infrastructure, a flaw in the clouds’ isolation mechanisms can be detrimental to the protection of sensitive data. The major public cloud environments tackle this by building their security following a defense-in-depth approach.

Tl;dr: Log4j is a mess, if you’re chasing down the applications, services and servers that use Java; consider the suggestions below to make zero day patching easier.

If you run an interactive website or application, JavaScript security is a top priority. There’s a huge array of things that can go wrong, from programmatic errors and insecure user inputs to malicious attacks. While JavaScript error monitoring can help you catch many of these issues, understanding common JavaScript security risks and following best practices is just as important.

Apache Log4j, an open-source logging software used in everything from online games to enterprise software and cloud data centers, has a severe security vulnerability that has security teams all over the world working frantically to correct it. The internet has been on high alert as hackers increase their efforts to target vulnerable systems, owing to its broad use.

If you are currently running the Robot Operating System 2 (ROS 2), this piece is especially relevant to the security of your robots. A few weeks ago, a group of security researchers reported 13 security vulnerabilities affecting some of the most used implementations of DDS, the default middleware used by ROS 2.

On December 9, 2021, a critical vulnerability in the popular Log4j Java logging library was disclosed and nicknamed Log4Shell. The vulnerability is tracked as CVE-2021-44228 and is a remote code execution vulnerability that can give an attacker full control of any impacted system. In this blog post, we will: We will also look at how to leverage Datadog to protect your infrastructure and applications.

It seems that every few weeks, we are alerted to a new significant security issue within one of the plethoras of code elements that are widely used. The same pundits discuss the same range of concerns with open-sourced code each time. The list of “usual suspects” is long, and I know I could add at least 20 additional “reasons” to this list without thinking about it too hard. I’m not sure that open-sourced code is riskier than proprietary developed code. There I said it.