Security

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Nastel Products Are Not Affected by Log4j Vulnerability Issues

Dec 16, 2021 By David Liff In meshIQ

Recent news about Log4j has enterprises and vendors scrambling for information and answers, including customers of messaging middleware and Integration Infrastructure Management (i2M) products. Nastel Technologies customers will not be exposed to any risks from this vulnerability, but enterprises are encouraged to check with their Cloud and other solution vendors to protect themselves and their data.

Read Post

meshIQ

Read more about Nastel Products Are Not Affected by Log4j Vulnerability Issues

The wrong lessons to learn from the Log4j vulnerability

Dec 16, 2021 By Sleuth In Sleuth

Log4j and Java sucks, but I don't use that, so I'm safe...right? Wrong. This video walks through the wrong lessons to take away from the huge Log4j remote code execution vulnerability, and points you at the lessons you should be learning instead. While the Log4j vulnerability may not directly affect you, its type of vulnerabilities certainly do.

View Video

Sleuth

Read more about The wrong lessons to learn from the Log4j vulnerability

SecOps for Safer, More Efficient ITOps

Dec 16, 2021 By ScienceLogic In ScienceLogic

When the Nobel Prize for physics was announced in October 2021, one of the winners was Italian theoretical physicist Giorgio Parisi, whose groundbreaking research helped decode complex physical systems, opening the door for breakthroughs in mathematics, science, and artificial intelligence. Decoding complex physical systems? If the science thing didn’t work out, Parisi could have pursued a career in security operations.

Read Post

ScienceLogic

Read more about SecOps for Safer, More Efficient ITOps

Using LogStream to help with #Log4Shell detection, enrichment, and incident response

Dec 16, 2021 By Cribl In Cribl

Using LogStream to help with #Log4Shell detection, enrichment, and incident response.

View Video

Cribl

Read more about Using LogStream to help with #Log4Shell detection, enrichment, and incident response

How to Monitor for Log4j Files Using NinjaOne

Dec 16, 2021 By Team Ninja In NinjaOne

With news breaking re: Log4Shell (CVE-2021-44228) and exploitation attempts becoming widespread, MSPs and IT teams have been working nonstop to scope their exposure, scan for potential IoCs, apply mitigations, and patch.

Read Post

NinjaOne

Read more about How to Monitor for Log4j Files Using NinjaOne

How we designed Ubuntu Pro for Confidential Computing on Azure

Dec 16, 2021 By Nikos Mavrogiannopoulos In Canonical

Not all data is destined to be public. Moving workloads that handle secret or private data from an on-premise setup to a public cloud introduces a new attack surface with different risks. As the public cloud environment shares its hardware infrastructure, a flaw in the clouds’ isolation mechanisms can be detrimental to the protection of sensitive data. The major public cloud environments tackle this by building their security following a defense-in-depth approach.

Read Post

Canonical

Read more about How we designed Ubuntu Pro for Confidential Computing on Azure

Log4j: Two Tricks to Make Your Next Vulnerability Less Chaotic

Dec 16, 2021 By Matt Beran In InvGate

Tl;dr: Log4j is a mess, if you’re chasing down the applications, services and servers that use Java; consider the suggestions below to make zero day patching easier.

Read Post

InvGate

Read more about Log4j: Two Tricks to Make Your Next Vulnerability Less Chaotic

JavaScript security: Vulnerabilities and best practices

Dec 15, 2021 By Anna Monus In Raygun

If you run an interactive website or application, JavaScript security is a top priority. There’s a huge array of things that can go wrong, from programmatic errors and insecure user inputs to malicious attacks. While JavaScript error monitoring can help you catch many of these issues, understanding common JavaScript security risks and following best practices is just as important.

Read Post

Raygun

Read more about JavaScript security: Vulnerabilities and best practices

Log4j Log4Shell Vulnerability: All You Need To Know

Dec 15, 2021 By JFrog In JFrog

On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java. Since then, the trivially exploitable (weaponized PoCs are available publicly) and extremely popular library has reportedly been massively exploited and has gotten wide coverage on media and social networks.

View Video

JFrog

Read more about Log4j Log4Shell Vulnerability: All You Need To Know

Apache Log4j vulnerability and VMware

Dec 15, 2021 By OpsLogix In OpsLogix

Apache Log4j, an open-source logging software used in everything from online games to enterprise software and cloud data centers, has a severe security vulnerability that has security teams all over the world working frantically to correct it. The internet has been on high alert as hackers increase their efforts to target vulnerable systems, owing to its broad use.

Read Post