Last week, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about a new vulnerability in Apache Log4j that you should be aware of.
What you need to know
Log4Shell is a new vulnerability being actively exploited in the wild that should be mitigated ASAP.
The TrustedSite platform does not rely on Log4j and is not, and has not been, vulnerable.
New vulnerability definitions in TrustedSite’s Server and Application Scanning services will identify potentially vulnerable assets.
Manual inspection is required in addition to TrustedSite services.
Related Category: Application Security
Type of Content: Articles
The Log4Shell vulnerability lies in Apache Log4j versions 2.0 through 2.14.1. The bug is easy to exploit and enables remote code execution (RCE). Attackers have already built tools that automatically attempt to exploit it. As reported by WIRED, Log4j is widely used in enterprise systems and web apps, and many mainstream services are expected to be affected. Apache rates the vulnerability at “critical” severity and has published patches and mitigations.
Conduct an immediate audit of your code to find dependencies that rely on Log4j. TrustedSite’s Firewall Monitoring can assist you in finding Apache running on your servers. Additionally, new vulnerability definitions covering Log4Shell are now detected by Server and Application Scanning.
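One way to start the dependency audit described above, as an added example that is not part of the original article or of TrustedSite’s tooling: walk a deployment directory, read the version that log4j-core records in its own Maven pom.properties (also inside jars nested in fat jars or BOOT-INF/lib bundles), and flag anything in the 2.0 through 2.14.1 range the article names. The sample archives are constructed by the script itself; a real audit still needs manual review, since shaded or renamed copies carry no such metadata.

```python
import io, os, re, tempfile, zipfile

# Maven metadata that log4j-core ships inside its own jar; it records the exact version.
MARKER = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def is_affected(version):
    """True when version (e.g. '2.14.1', '2.0-beta9') lies in the 2.0 .. 2.14.1 range the article names."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    return bool(m) and (2, 0, 0) <= (int(m[1]), int(m[2]), int(m[3] or 0)) <= (2, 14, 1)

def version_in_archive(zf):
    """Read log4j-core's version from an open archive, descending into nested jars (fat jars, BOOT-INF/lib)."""
    for name in zf.namelist():
        if name == MARKER:
            for line in zf.read(name).decode().splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
        elif name.endswith(".jar"):
            with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                found = version_in_archive(inner)
            if found:
                return found
    return None

def scan_tree(root):
    """Return [(path, version, affected)] for every jar/war/ear under root that packages log4j-core."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in sorted(f for f in files if f.endswith((".jar", ".war", ".ear"))):
            path = os.path.join(dirpath, fn)
            try:
                with zipfile.ZipFile(path) as zf:
                    version = version_in_archive(zf)
            except zipfile.BadZipFile:
                continue  # mis-named or corrupt archive: skip it rather than abort the audit
            if version:
                hits.append((path, version, is_affected(version)))
    return hits

def build_sample_tree():
    """Constructed sample input: a bare log4j-core 2.14.1 jar and an app jar nesting log4j-core 2.17.0."""
    root = tempfile.mkdtemp()
    def write_jar(dest, version):
        with zipfile.ZipFile(dest, "w") as zf:
            zf.writestr(MARKER, f"version={version}\n")
    write_jar(os.path.join(root, "log4j-core-2.14.1.jar"), "2.14.1")
    nested = io.BytesIO(); write_jar(nested, "2.17.0")
    with zipfile.ZipFile(os.path.join(root, "app.jar"), "w") as zf:
        zf.writestr("BOOT-INF/lib/log4j-core-2.17.0.jar", nested.getvalue())
    return root
```

Run `scan_tree("/path/to/deployment")` against a real tree; the sample only shows that the nested 2.17.0 copy is found and reported as unaffected while the bare 2.14.1 jar is flagged.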
With this announcement of the latest critical vulnerability, it’s important to remember that you can’t protect what you don’t know about. If your organization has lost sight of digital assets over the years, it’s possible you could be susceptible to the Log4Shell vulnerability and not realize it. Practicing attack surface management can help ensure you’ve cataloged every asset you have exposed to the internet. With a complete inventory of your attack surface, you can be more confident that no vulnerabilities are hiding in the shadows.