• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cynet log4shell webinar: a thorough and clear explanation

Cynet Log4Shell Webinar: A Thorough – And Clear – Explanation

You are here: Home / General Cyber Security News / Cynet Log4Shell Webinar: A Thorough – And Clear – Explanation
February 4, 2022

Most security practitioners are now informed of the Log4Shell vulnerability uncovered towards the end of 2021. No a single is familiar with how long the vulnerability existed just before it was found. The past pair of months have had security groups scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library greatly made use of to log error messages in programs. Over and above patching, it is practical and instructive for security practitioners to have a further understanding of this most recent critical vulnerability.

Fortuitously, Cynet Senior Security Researcher Igor Lahav is hosting a webinar [Register here] to give “buzzword free” insights into Log4Shell. Centered on a webinar preview offered by Cynet, the dialogue will address the program bugs in Apache Log4j that permitted the critical vulnerability, the exploits utilised to acquire advantage of the vulnerabilities and the remediation alternatives readily available to shield your firm. This webinar will aid make feeling of the often overly specialized analysis of Log4Shell we’ve been issue to around the previous few of months.

— What is Log4j?

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Right before you can definitely grasp the magnitude of the Log4Shell vulnerability, it is really needed to have an understanding of the fundamental technology. The Cynet webinar actions via what the Log4j library is and how it can be utilized in Java. It also explains a aspect utilised by the logging process named Java Naming Listing Interface (JDNI) and how it is utilised by log4j to enable have an understanding of the vulnerability.

— The Vulnerabilities

The root result in of this vulnerability is the way Log4j procedures log messages, and the webinar clearly measures by the software package bugs that manufactured the Log4j logging system susceptible to attackers. This contains a description of how JNDI injection works and why it can direct to issues as perfectly as what remote Log4j configuration is and how attackers can leverage it to attain accessibility.

— The Exploits

Just how do attackers acquire gain of the Log4j vulnerabilities? Cynet shares the action-by-phase attacks they’ve found in the wild, which reveal a significant level of attacker abilities. They exhibit how attackers bypass static detections, how they attain distant code execution by bypassing two prevalent checking features (allowedLdapClasses and allowedLdapHosts).

— The Mitigations

At last, Cynet measures through the mitigation actions organizations really should choose, which include locating vulnerable programs, patching selections, crucial configuration adjustments and patching 3rd party programs. You will also master about the Cynet Log4Shell exploit detections in Windows and Linux.

Wrapping Up

Cynet will also share discoveries from a number of recent incident reaction investigations, these types of as lively exploitations of the Log4Shell vulnerability on VMware Horizon Servers by distinctive threat actors who deployed Cobalt Strike beacons, Cryptominers, and fileless reverse shells. Although you may perhaps have study other stories or attended other webinars masking Log4Shell, this a person pulls it all jointly and measures by the vulnerability, exploits, advisable remediations and most recent incidents basically and obviously.

Sign up to the webinar here.

Observed this short article exciting? Observe THN on Fb, Twitter  and LinkedIn to study far more distinctive information we submit.


Some pieces of this post are sourced from:
thehackernews.com

Previous Post: «cisa warns of critical vulnerabilities discovered in airspan networks mimosa CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa
Next Post: Russian Gamaredon Hackers Targeted ‘Western Government Entity’ in Ukraine russian gamaredon hackers targeted 'western government entity' in ukraine»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Enzo Biochem Hit by Ransomware, 2.5 Million Patients’ Data Compromised
  • US and Korean Agencies Issue Warning on North Korean Cyber-Attacks
  • Malicious PyPI Packages Use Compiled Python Code to Bypass Detection
  • New Botnet Malware ‘Horabot’ Targets Spanish-Speaking Users in Latin America
  • The Importance of Managing Your Data Security Posture
  • Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering
  • Insurers Predict $33bn Bill for Catastrophic “Cyber Event”
  • Chinese Phishing Gang “PostalFurious” Expands Campaign
  • Kaspersky Says it is Being Targeted By Zero-Click Exploits
  • North Korea’s Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks

Copyright © TheCyberSecurity.News, All Rights Reserved.