News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Day: Log4j

Log4j alarm: this is what Arctic Wolf recommends
18 December 2021
| No comments
| Short news
Log4j Log4shell

IT professionals are alarmed about the Log4j security vulnerability. What is currently the greatest difficulty facing companies? Which companies are particularly hard hit and what should those responsible do now? A comment from Dr. Sebastian Schmerl, Director Security Services EMEA at Arctic Wolf. What is currently the greatest difficulty facing companies? The difficulty for many companies currently is to identify whether they are using Log4j and in which configuration. This often cannot be answered easily without active monitoring, a software inventory or vulnerability scanning. The situation is different for companies that offer solutions such as ...

Read more

Log4j alarm: this is what Trend Micro recommends
17 December 2021
| No comments
| Stories
Log4j Log4shell

As an immediate reaction to log4j, companies can follow detailed recommendations and apply existing patches and apply best practices. But in a second step you should take a general look at processes related to software supply chains. Ultimately, Log4Shell, however security-relevant the gap may be, is “only” a faulty component in the software supply chain, ”says Udo Schneider, IoT Security Evangelist Europe at Trend Micro. Log4Shell - Do you know your software supply chain? The critical threat posed by the Log4Shell vulnerability naturally requires an immediate response. But in the second step, companies generally have to ask themselves questions about ...

Read more

Log4j alert: Chinese and Iranian government actors attack
17 December 2021
| No comments
| Short news

It is the most critical vulnerability discovered in years. Countless companies around the world are vulnerable and the situation is developing rapidly. Mandiant has identified that Chinese and Iranian government actors are already exploiting the vulnerability in log4j. Commenting on the latest findings, John Hultquist, VP of Intelligence Analysis at Mandiant, “We know that Chinese and Iranian government actors are exploiting this vulnerability, and we expect other state actors are doing the same or are preparing to do so. We believe these actors will act quickly to gain a foothold in coveted networks. With the…

Read more

Log4j alarm: what Sophos recommends
17 December 2021
| No comments
| PR News, Sophos
Log4j Log4shell

Java vulnerability Log4j - Log4Shell - What happened and what should be done now. After Hafnium, Kaseya or Solarwinds, companies urgently need to grapple with a high-profile server vulnerability called Log4j - Log4Shell. Sophos clarifies the most important facts and tells you what to do. The name Log4Shell refers to the fact that the exploited bug is contained in a popular Java code library called Log4j (Logging for Java), and to the fact that if attackers successfully exploit the vulnerability, they practically get a shell - that is, the opportunity , any system code of your choice ...

Read more

Webinar December 17, 2021: Log4j - effectively protecting against the vulnerability
16 December 2021
| No comments
| Kaspersky, Short news
Kaspersky_news

Security provider Kaspersky invites you to a top-class webinar on the topic of the Log4j vulnerability: Protecting against the vulnerability effectively. The free webinar starts on December 17, 2021 at 14 p.m. On December 00th, security researchers discovered a critical vulnerability in the Apache Log09j library, which is used for millions of Java applications. Using CVE-4-2021, also known as “Log44228Shell”, attackers can execute arbitrary code and even gain full control over a system if the vulnerability is exploited on a vulnerable server. The CVE was rated 4 out of 10 for ...

Read more

Log4j alarm: this is what Kaspersky recommends 
16 December 2021
| No comments
| Kaspersky, PR News
Log4j Log4shell

A new, particularly critical vulnerability was discovered in the Apache Log4j library last week. This is used for millions of Java applications. Here are a few recommendations from the Kaspersky experts. Log4Shell - also known as LogJam and under the designation CVE-2021-44228 - is a so-called Remote Code Execution (RCE) class vulnerability. This allows attackers to execute arbitrary code and possibly gain full control over a system if it is exploited on a vulnerable server. The CVE was rated 10 out of 10 for severity. Log4j in millions of Java applications The Apache ...

Read more

Log4j alarm: this is what IT security experts recommend 
16 December 2021
| No comments
| Stories
Log4j Log4shell

IT security experts comment on the log4j security gap for which the BSI has declared the warning level red. Experts from Barracuda Networks, Radar Cyber ​​Security and ForeNova provide an assessment of the situation. Jonathan Tanner, Senior Security Researcher at Barracuda Networks How can companies identify this vulnerability in their technology and what are the risks if it is not addressed? “First you should check whether a version of log4j prior to 2.15.0 is being used, including the dependencies. Both Maven and Gradle - both Java-based build management tools - offer the option of creating the entire dependency tree for ...

Read more

Log4j alert: Bitdefender detects ongoing attacks
16 December 2021
| No comments
| Bitdefender, Short news
Bitdefender_News

Bitdefender Labs experts observe numerous current attacks that exploit the Log4j vulnerability. Successful attacks to embed Kryptominern as well as attempted ransomware attacks can be confirmed. The most important results of an initial inventory by Bitdefender at a glance: The cyber criminals are trying to embed a new ransomware family, Khonsari. They are now also attacking Microsoft Windows systems after the hackers initially targeted Linux servers. Attackers also try to implement the remote access Trojan (RAT) Orcus via the vulnerability. You are trying to download shellcode from hxxp: //test.verble.rocks/dorflersaladreviews.bin.encrypted and inject it into the memory of the conhost.exe process. This shellcode decrypts and downloads other malicious ...

Read more

Log4j alarm: Mandiant provides tools 
16 December 2021
| No comments
| Short news

The BSI has issued the highest warning level for the security hole discovered a few days ago in the widely used Java library log4j. Mandiant provides free tools for creating rules for the systematic search for deserialization exploits. Mandiant released free tools on GitHub today that companies can use to create rules for systematically searching for deserialization exploits and other types of zero-day exploits. This also includes rules for finding the JNDI Code Injection Zero-Day, which was published for log4j last week. Rules Against Deserialization Exploits In a new blog post, Mandiant describes ...

Read more

BSI: Extremely critical vulnerability in the Java library Log4j 
13 December 2021
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The BSI, Federal Office for Information Security, calls out the warning level red because of the Java library Log4j and its vulnerability Log4Shell. The problem creates an extremely critical threat level. According to the Federal Office for Information Security (BSI), the critical vulnerability (Log4Shell) in the widespread Java library Log4j leads to an extremely critical threat situation. The BSI has therefore upgraded its existing cyber security warning to warning level red. The reason for this assessment is the very widespread use of the affected product and the associated effects on countless other products. The weak point ...

Read more

© 2024 MedPressIT GbR
Cookie Settings