Lacework

FEBRUARY 24, 2022

On December 10th, 2021, CVE-2021-44228 took the security industry by storm when a remote code execution vulnerability was discovered in the popular logging library “ Log4j ”. Almost two months after this event, and numerous new CVEs ([ 1 ],[ 2 ],[ 3 ]), the industry is still feeling the fall out of this vulnerability.

Google Cloud 52

Google Cloud Malware Azure Research 52

Tenable

AUGUST 5, 2022

5 | Don’t take your eye off the Log4j ball. Log4j: It’s a marathon race not a sprint. Like an insufferable houseguest who overstays his welcome, the cataclysmic Log4j vulnerability will be around for a long time – possibly as much as a decade after its earth-shaking discovery in December of last year. And much more!

Development Team Review 52

Development Team Review Software Review Systems Review Technical Review 52

Tenable

DECEMBER 9, 2022

Get the latest on the anniversary of the Log4j crisis; OWASP’s top CI/CD risks; a surge of infostealer malware; the fund transfer fraud — business email compromise connection; and more! . 1 - One year after Log4j crisis, what have we learned? To get all the details, read the blog “ Are You Ready for the Next Log4Shell?

Software Review 52

Software Review SMB Malware Development Team Review 52

Tenable

FEBRUARY 2, 2024

CISA is calling on router makers to improve security, because attackers like Volt Typhoon compromise routers to breach critical infrastructure systems. Meanwhile, data breaches hit an all-time high in the U.S. Plus, Italy says ChatGPT violates EU privacy laws. Dive into six things that are top of mind for the week ending February 2. So said the U.S.

Infrastructure 121

Infrastructure Open Source ChatGPT Software Review 121

Modus Create

FEBRUARY 1, 2022

This post will show you how adopting DevSecOps practices can mitigate vulnerabilities in libraries like Log4j. You will find answers to questions such as: Why do we need logging frameworks like Log4j? How did a lookup plugin in Log4j impact thousands of downstream applications and devices? What is Log4j?

Software Review 59

Software Review Systems Review Weak Development Team Off-The-Shelf 59

Tenable

AUGUST 19, 2022

A roundup of important vulnerabilities, trends and incidents. A ransomware defense guide for SMBs. Protect what’s on your network, via secure configurations, account and access management, vulnerability management and employee security awareness. Topics that are top of mind for the week ending Aug. And much more! million.

IoT 52

IoT Malware Windows Guidelines 52

Tenable

DECEMBER 30, 2022

1 – Log4J’s Log4Shell: Emblematic of VM complexities . Little over a year after the Log4j crisis, few data points illustrate the challenges of vulnerability management as well as Tenable’s finding that, as of October, 72% of global organizations remained exposed to Log4Shell, despite its unprecedented severity, pervasiveness and notoriety.

Cloud 98

Cloud Technical Review Software Review Systems Review 98