Showing only posts tagged log4j. Show all posts.

Identify Java nested dependencies with Amazon Inspector SBOM Generator

Source

Amazon Inspector is an automated vulnerability management service that continually scans Amazon Web Services (AWS) workloads for software vulnerabilities and unintended network exposure. Amazon Inspector currently supports vulnerability reporting for Amazon Elastic Compute Cloud (Amazon EC2) instances, container images stored in Amazon Elastic Container Registry (Amazon ECR), and AWS …

Using AWS security services to protect against, detect, and respond to the Log4j vulnerability

Source

January 7, 2022: The blog post has been updated to include using Network ACL rules to block potential log4j-related outbound traffic. January 4, 2022: The blog post has been updated to suggest using WAF rules when correct HTTP Host Header FQDN value is not provided in the request. December …

Using AWS security services to protect against, detect, and respond to the Log4j vulnerability

Source

Overview In this post we will provide guidance to help customers who are responding to the recently disclosed log4j vulnerability. This covers what you can do to limit the risk of the vulnerability, how you can try to identify if you are susceptible to the issue, and then what …

Hackers launch over 840,000 attacks through Log4J flaw

Source

Enlarge (credit: Matejmo | Getty Images) Hackers including Chinese state-backed groups have launched more than 840,000 attacks on companies globally since last Friday, according to researchers, through a previously unnoticed vulnerability in a widely used piece of open-source software called Log4J. Cyber security group Check Point said the attacks …