Let us not make the same mistakes as we may have done in the past when it was time to move to a new year. We should review the current year(2021) So what happened in 21 that may be different with 22? What should we focus on planning for new year? Of course Jocko Willink … Read more
Affected Software A significant number of Java-based applications are using log4j as their logging utility and are vulnerable to this CVE. To the best of our knowledge, at least the following software may be impacted: Apache Struts Apache Solr Apache Druid Apache Flink ElasticSearch Flume Apache Dubbo Logstash Kafka Spring-Boot-starter-log4j2 So you can see that … Read more
Due to an actively exploited zero-day vulnerability: https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html This bug is a 10 of 10 on the CVSS rating from the article a snippet: Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated, remote code execution (RCE) on any application that uses the open-source utility and affects … Read more
How much cybersecurity do you need? Just enough to stay out of the news? Will you ever be in the news? Have you had an incident response evaluation? Do you do any event monitoring? network security? Identity access ring a bell? Malware prevention and employee security? What will it take to get some people … Read more
Yes there are rumblings of the ZeroLogon issue at Threatpost articles: Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors. Dark Reading article: One year later… a look back at Zerologon! For August 2021 patch Tuesday (August 10th) 120 vulnerabilities are fixed including 2 zero -days and one elevation-of-privilege flaw in Netlogon remote protocol. … Read more
