Cybereason Makes Log4Shell ‘Vaccine’ Available

by ITECHNEWS
December 14, 2021
in Leading Stories, Opinion

Cybereason has created what it described as a “vaccine” for the Apache Log4Shell vulnerability (CVE-2021-44228) that is roiling organizations that rely on the open source Log4j logging framework to manage Java applications.

The Log4j framework is used by almost every Java application, which means the time and effort required to patch every instance can be significant. In the meantime, cybercriminals are already looking to exploit a remote code execution (RCE) vulnerability in the framework.

The vulnerability allows cybercriminals to take control of any Java-based, internet-facing server and engage in remote code execution (RCE) attacks using a plug-in capability that was originally designed to make it easier to extend the logging platform. In recent releases of Log4j, that capability is turned on by default. An attacker can exploit the vulnerability by sending a malicious string that is logged by Log4j. At that point, the exploit allows the attacker to load arbitrary Java code and take control of the server. The vaccine, which Cybereason made available free of charge on GitHub, uses the vulnerability itself to set a flag that turns off the plug-in capability when it’s detected.

Cybereason CTO Yonatan Striem-Amit said it’s generally simpler to download a vaccine that changes the vulnerable server’s configuration. That approach is not intended to eliminate the need to patch Log4j but, rather, to buy organizations’ enterprise IT teams more time to patch every instance of the framework they have running, he said. The vaccine requires only basic Java skills to implement, he noted. Alternatively, an IT team can permanently close the vulnerability by saving a configuration file to each server.
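One way to verify that the configuration-file fix described above is actually in place on a server, as an added example that is not Cybereason's code or part of the original article. It assumes the file is `log4j2.component.properties` setting `log4j2.formatMsgNoLookups=true` (real Log4j 2 names the article does not give), that each application sits in its own directory under one root with that file on its classpath, and that the installed release honours the property; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FLAG = "log4j2.formatMsgNoLookups"          # real Log4j 2 property, not named in the article
PROPS_FILE = "log4j2.component.properties"  # real Log4j 2 file name, not named in the article
JAR_RE = re.compile(r"^log4j-core-(?P<version>.+)\.jar$")

def parse_properties(text):
    """Minimal Java .properties parser: skips comments, accepts '=', ':' or space."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"([^#!=:\s][^=:\s]*)\s*[=:\s]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def flag_enabled(app_dir):
    """True if any PROPS_FILE under app_dir sets FLAG to true."""
    return any(parse_properties(f.read_text(errors="replace")).get(FLAG, "").lower() == "true"
               for f in Path(app_dir).rglob(PROPS_FILE))

def audit(root):
    """Report every app directory under root that ships a log4j-core jar."""
    report = {}
    for app in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        versions = sorted(m.group("version") for j in app.rglob("*.jar")
                          if (m := JAR_RE.match(j.name)))
        if versions:
            report[app.name] = {"log4j_core": versions, "lookups_disabled": flag_enabled(app)}
    return report

DEMO = {  # constructed sample layout; X.Y.Z is a placeholder, not a real version
    "billing/lib/log4j-core-X.Y.Z.jar": "",
    "billing/conf/" + PROPS_FILE: "# mitigation\n" + FLAG + " = true\n",
    "portal/lib/log4j-core-X.Y.Z.jar": "",
    "portal/conf/" + PROPS_FILE: FLAG + "=false\n",
    "static-site/index.html": "",
}

def build_demo_tree(root):
    for rel, content in DEMO.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_demo_tree(tmp)))
```

An application reported with `lookups_disabled: False` still needs either the configuration file or the patch; the audit says nothing about jars bundled inside other archives.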

It’s not clear to what degree this vulnerability may have already been exploited, but this latest in a series of zero-day vulnerabilities is already taking a toll on IT teams large and small. Those IT teams should also expect that the rate at which zero-day vulnerabilities are being disclosed will increase as more cybersecurity research is conducted. The issue cybersecurity teams now need to come to terms with is setting up a process that enables them to consistently remediate zero-day vulnerabilities with as little disruption as possible.

In fact, cybersecurity teams would be well-advised to crib some of the best practices that have been defined for modern IT incident management platforms to minimize the level of disruption created by the need to suddenly apply a patch. Based on processes that are rooted in the workflows DevOps teams have created to automate application deployment, a modern incident management platform enables IT teams to essentially expect the unexpected and quickly and effectively respond to it.

As IT teams become accustomed to responding to sudden events, the process will become more routine. That routine not only makes the organization more resilient in the face of a zero-day vulnerability, it also serves to reduce the overall stress of the IT team. This is critical at a time when burnout rates are contributing to higher rates of staff turnover, especially as most organizations are already chronically understaffed.

By Security Boulevard
