The Latest with Log4J

https://is1-ssl.mzstatic.com/image/thumb/Podcasts125/v4/23/aa/58/23aa5888-9373-d3b4-a582-687c7cb1ab48/mza_5075835720473295806.jpg/600x600bb.jpg

Cloud Security News

Cloud Security Podcast Team

40 episodes

1 week ago

Your weekly digest of what you need to know in the world of Cloud Security. We do the hard work for you, so you are always across the important bits. Brought to you by the team behind the much loved Cloud Security Podcast

Tech News

News

RSS

All content for Cloud Security News is the property of Cloud Security Podcast Team and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Tech News

News

https://d3t3ozftmdmh3i.cloudfront.net/production/podcast_uploaded_nologo400/17528410/17528410-1629896564259-5fbfc1da8745c.jpg

The Latest with Log4J

Cloud Security News

3 minutes 56 seconds

3 years ago

The Latest with Log4J

Cloud Security News this week 22 December 2021

Most folks in cybersecurity have been consumed with all things Log4shell with a CVSS score of 10, since last week. Check out last week’s episode or our special feature on Log4shell on YouTube by Ashish Rajan if you want to know a bit more about how it started and what its all about So, where have things landed with it all so far.
To remedy the Log4Shell vulnerability, Apache has issues several patches however with each patch, additional issues were reported. The latest patch is the third installment 2.17.0 to address a new vulnerability that allow for denial of service attacks. While apache and other organisations rush to remedy and patch these vulnerabilities, an explosion of attacks continue. Belgium’s defence ministry revealed that it had been forced to shut down parts of its network after a hacker group exploited log4j to gain entry to its systems. Security firm Check Point has been monitoring the situation and, at one point, reported seeing more than 100 Log4J attacks per minute.The hackers are scattered globally. Checkpoint further reported that more than half of the exploits come from well-known hacking groups using it to deploy common malware like Tsunami and Mirai. Sentinel one has reported that “Observed exploit attempts in the wild thus far have led to commodity cryptominer payloads or other known and commodity post-exploitation methods. They expect further opportunistic abuse by a wide variety of attackers, including ransomware and nation-state actors.”
The latest apache update is available here. The SentinelOne blog is available here and Checkpoint blog is available here,
Whilst we are scrambling to stay on top log4Shell, a few exciting things have occurred in the world of Cloud Security as well, Ermetic announced a $70 million series B funding round. Their platform secures cloud infrastructure by focusing on identity security and reducing the attack surface across a multi-cloud deployment. The platform is expanding its support for Kubernetes container orchestration which they refer to like the fourth cloud. Learn more about Ermetic here.
And in other news Container and cloud security unicorn Sysdig scored $350 million in a Series G funding. This raises their total funding to $744 million and pushes valuation to $2.5 billion. Sysdig offers security and performance monitoring services tailored toward cloud-native applications and are looking to utilise the latest funding to accelerate the expansion of these services into new markets, increase its headcount and customer base, and invest in research and development. Learn more about Sysdig here

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

Instagram - Cloud Security News

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:

- Cloud Security Podcast:

- Cloud Security Academy: