Showing only posts tagged log4shell. Show all posts.

Jan 08 2022 Using AWS security services to protect against, detect, and respond to the Log4j vulnerability

January 7, 2022: The blog post has been updated to include using Network ACL rules to block potential log4j-related outbound traffic. January 4, 2022: The blog post has been updated to suggest using WAF rules when correct HTTP Host Header FQDN value is not provided in the request. December …

Dec 15 2021 Using AWS security services to protect against, detect, and respond to the Log4j vulnerability

Source

Overview In this post we will provide guidance to help customers who are responding to the recently disclosed log4j vulnerability. This covers what you can do to limit the risk of the vulnerability, how you can try to identify if you are susceptible to the issue, and then what …

Dec 13 2021 Open source hotpatch for Apache Log4j vulnerability

Source

At Amazon Web Services (AWS), security remains our top priority. As we addressed the Apache Log4j vulnerability this weekend, I’m pleased to note that our team created and released a hotpatch as an interim mitigation step. This tool may help you mitigate the risk when updating is not …