• Latest
  • Trending
Arctic Wolf Script Can Discover Log4Shell Vulnerabilities

Arctic Wolf Script Can Discover Log4Shell Vulnerabilities

December 24, 2021
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
Airtel Africa Purchases $42M Worth of Additional Spectrum

Airtel Africa Purchases $42M Worth of Additional Spectrum

July 15, 2022
Huawei steps up drive for Kenyan talent

Huawei steps up drive for Kenyan talent

July 15, 2022
TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

July 15, 2022
Facebook to allow up to five profiles tied to one account

Facebook to allow up to five profiles tied to one account

July 15, 2022
Top 10 apps built and managed in Ghana

Top 10 apps built and managed in Ghana

July 15, 2022
MTN Group to Host the 2nd Edition of the MoMo API Hackathon

MTN Group to Host the 2nd Edition of the MoMo API Hackathon

July 15, 2022
KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Wednesday, 8 February, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Arctic Wolf Script Can Discover Log4Shell Vulnerabilities

by ITECHNEWS
December 24, 2021
in Leading Stories, Opinion
0 0
0
Arctic Wolf Script Can Discover Log4Shell Vulnerabilities

Arctic Wolf, a provider of managed security services, this week made available a script that helps scanning tools to discover Log4Shell vulnerabilities.

Ian McShane, field CTO for Artic Wolf, said Arctic Wolf has been using a Log4Shell Deep Scan script to detect both CVE-2021-45046 and CVE-2021-44228 vulnerabilities within nested JAR files, as well as WAR and EAR files.

YOU MAY ALSO LIKE

Inaugural AfCFTA Conference on Women and Youth in Trade

Instagram fined €405m over children’s data privacy

In many cases, developers have copied a subset of the Log4j log management tool into their applications to make it easier to monitor behavior. The challenge is that many scanners can’t discover that code when it is nested within a file, said McShane.

The script created by Arctic Wolf works with both Windows and macOS/Linux operating systems. The script conducts a deeper scan of a host’s filesystem to identify Java applications and libraries with vulnerable Log4j code. Once identified, the script will flag it and identify its location within the host’s filesystem.

McShane said most organizations will likely find themselves spending the next several weeks searching all the Java applications they’ve deployed for Log4j vulnerabilities. The Log4Shell Deep Scan script is being made available on GitHub to any provider of scanning tools that chooses to incorporate it free of charge.

In the longer term, McShane said it’s apparent that the industry will need to address how IT vendors vet open source code. The core Log4j log management tool is maintained by a small handful of individuals. IT vendors have widely used that code without contributing much help to the maintainers of that project to ensure that code is secure.

Less clear is to what degree this vulnerability may encourage IT organizations to retire some Java applications. Such a move is not likely to be taken likely; as other programming languages gain traction, many organizations are modernizing their application portfolios. In some cases, those efforts are being made as part of a larger review of the overall software supply chain.

In the meantime, security teams should expect to see more zero-day vulnerabilities involving open source code that is often maintained by a small number of contributors and maintainers with limited cybersecurity expertise. Those cybersecurity teams would be well-advised to either set up a security incident response team based on modern DevOps processes or rely on the expertise of an external service provider.

Security incident management is, essentially, a subset of IT incident management. Organizations that invest in it are going to see benefits that go well beyond simply the ability to quickly apply a patch. Security issues simply make everyone more cognizant of the need for a set of best practices that make it easier to respond to any unexpected event.

Unfortunately, too many organizations rely on the heroic actions of a few to respond to any crisis. The issue is that heroes are not always available when needed. Instead, the goal should be to institute a set of processes that don’t require anyone to go above and beyond the call of duty to deal with issues that inevitably arise at inconvenient times.

Source: Security Boulevard
Tags: Artic WolfDevOpsLog4Shell
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022

Recent News

  • Inaugural AfCFTA Conference on Women and Youth in Trade September 6, 2022
  • Instagram fined €405m over children’s data privacy September 6, 2022
  • 5.7bn data entries found exposed on Chinese VPN August 18, 2022
  • Fibre optic interconnection linking Cameroon and Congo now operational July 15, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version