• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cynet log4shell webinar: a thorough and clear explanation

Cynet Log4Shell Webinar: A Thorough – And Clear – Explanation

You are here: Home / General Cyber Security News / Cynet Log4Shell Webinar: A Thorough – And Clear – Explanation
February 4, 2022

Most security practitioners are now informed of the Log4Shell vulnerability uncovered towards the end of 2021. No a single is familiar with how long the vulnerability existed just before it was found. The past pair of months have had security groups scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library greatly made use of to log error messages in programs. Over and above patching, it is practical and instructive for security practitioners to have a further understanding of this most recent critical vulnerability.

Fortuitously, Cynet Senior Security Researcher Igor Lahav is hosting a webinar [Register here] to give “buzzword free” insights into Log4Shell. Centered on a webinar preview offered by Cynet, the dialogue will address the program bugs in Apache Log4j that permitted the critical vulnerability, the exploits utilised to acquire advantage of the vulnerabilities and the remediation alternatives readily available to shield your firm. This webinar will aid make feeling of the often overly specialized analysis of Log4Shell we’ve been issue to around the previous few of months.

— What is Log4j?

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper take secure and enxrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized seller: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Right before you can definitely grasp the magnitude of the Log4Shell vulnerability, it is really needed to have an understanding of the fundamental technology. The Cynet webinar actions via what the Log4j library is and how it can be utilized in Java. It also explains a aspect utilised by the logging process named Java Naming Listing Interface (JDNI) and how it is utilised by log4j to enable have an understanding of the vulnerability.

— The Vulnerabilities

The root result in of this vulnerability is the way Log4j procedures log messages, and the webinar clearly measures by the software package bugs that manufactured the Log4j logging system susceptible to attackers. This contains a description of how JNDI injection works and why it can direct to issues as perfectly as what remote Log4j configuration is and how attackers can leverage it to attain accessibility.

— The Exploits

Just how do attackers acquire gain of the Log4j vulnerabilities? Cynet shares the action-by-phase attacks they’ve found in the wild, which reveal a significant level of attacker abilities. They exhibit how attackers bypass static detections, how they attain distant code execution by bypassing two prevalent checking features (allowedLdapClasses and allowedLdapHosts).

— The Mitigations

At last, Cynet measures through the mitigation actions organizations really should choose, which include locating vulnerable programs, patching selections, crucial configuration adjustments and patching 3rd party programs. You will also master about the Cynet Log4Shell exploit detections in Windows and Linux.

Wrapping Up

Cynet will also share discoveries from a number of recent incident reaction investigations, these types of as lively exploitations of the Log4Shell vulnerability on VMware Horizon Servers by distinctive threat actors who deployed Cobalt Strike beacons, Cryptominers, and fileless reverse shells. Although you may perhaps have study other stories or attended other webinars masking Log4Shell, this a person pulls it all jointly and measures by the vulnerability, exploits, advisable remediations and most recent incidents basically and obviously.

Sign up to the webinar here.

Observed this short article exciting? Observe THN on Fb, Twitter  and LinkedIn to study far more distinctive information we submit.


Some pieces of this post are sourced from:
thehackernews.com

Previous Post: «cisa warns of critical vulnerabilities discovered in airspan networks mimosa CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa
Next Post: Russian Gamaredon Hackers Targeted ‘Western Government Entity’ in Ukraine russian gamaredon hackers targeted 'western government entity' in ukraine»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Sioux Falls Funds DSU Cybersecurity Lab
  • ‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps
  • Irish Watchdog Fines Meta $19m Over Data Breach
  • Avast Merger Raises Competition Concerns
  • Linux botnet spreads using Log4Shell flaw
  • Another Destructive Wiper Targets Organizations in Ukraine
  • New “B1txor20” Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw
  • New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers
  • FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
  • Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters

Copyright © TheCyberSecurity.News, All Rights Reserved.