Operations | Monitoring | ITSM | DevOps | Cloud

SAP HotNews and CVE kernel patch: Securing your SAP systems

Feb 24, 2022 By Avantra In Avantra
New ICMAD bugs require immediate attention and patching for SAP systems The dust has not yet settled on the CVSSv3 10.0 score Log4j security vulnerability that hit in December 2021. Last week, a new group of three security vulnerabilities were published by SAP, which all relate to SAP’s Internet Communication Manager (ICM or ICMAD). Once again, one of these vulnerabilities has a CVSS v3.0 base score of 10/10. In contrast to Log4j, the latest threats only impact SAP customers, but they need immediate attention.
View Video
opsramp

How We Used Our Own Platform Capabilities to Prevent Log4j Attacks and Protect Customers

Feb 22, 2022 By Manjunath M In OpsRamp

In December, information security researchers discovered a serious vulnerability in the popular open-source logging library, Log4j. If exploited, this vulnerability, known as Log4Shell, could allow malicious attackers to execute code remotely on any targeted computer. Millions of computers use Log4j. According to one study, 93% of all cloud environments are affected by the vulnerability.

Read Post
virtualmetric

How To Detect and Prevent Zero-Day Vulnerabilities With Smart Infrastructure Monitoring Tool

Feb 16, 2022 By Antonia Shehova In VirtualMetric

“End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare.”, federal cybersecurity CTO Matt Keller says. Ensuring a high level of security for your IT infrastructure and being sure you have not missed something is hard to arrange during these days. A zero-day exploit happens when hackers identify a software weakness or a security gap and take advantage of it to perform a cyberattack.

Read Post
jfrog

CVE-2021-44521 - Exploiting Apache Cassandra User-Defined Functions for Remote Code Execution

Feb 15, 2022 By Omer Kaspi In JFrog
JFrog’s Security Research team recently disclosed an RCE (remote code execution) issue in Apache Cassandra, which has been assigned to CVE-2021-44521 (CVSS 8.4). This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra.
Read Post
site24x7

Top 7 lessons from the 2021 Log4j vulnerability

Feb 9, 2022 By Ram Kumar Ramaswamy In Site24x7

The Log4Shell (CVE-2021-44228) zero day vulnerability in the Java logging framework Log4j (versions 2.0 to 2.14.1) was revealed on December 9, 2021. The Apache Foundation assigned the maximum CVSS score of 10 to Log4Shell, as millions of servers and potentially, billions of devices came under risk. Security professionals around the world began patching the vulnerability, and scanning their systems to rule out any potential breach.

Read Post

New Year, New Features in Xray

Feb 8, 2022 By JFrog In JFrog
Let’s start 2022 off the right with new features and updates that will extend JFrog Xray’s power and reach in addressing challenges with securing your binaries from development to production. Join Sarit Tager, VP Product Security as she discusses how Xray provides intelligent supply chain security and compliance at DevOps speed. JFrog Xray is a software composition analysis (SCA) solution that scans your open source software (OSS) dependencies for security vulnerabilities and license compliance issues.
View Video
jfrog

CVE-2021-44142: Critical Samba Vulnerability Allows Remote Code Execution

Feb 8, 2022 By Itay Vaknin, Brian Moussalli In JFrog
Recently, a critical out-of-bounds vulnerability, assigned to CVE-2021-44142, was disclosed in Samba versions prior to 4.13.17. The Samba vulnerability carries a critical CVSS of 9.9 and allows attackers to remotely execute code on machines running a Samba server with a vulnerable configuration. The vulnerability was disclosed as part of the Pwn2Own Austin competition where researchers are challenged to exploit widely-used software and devices with unknown vulnerabilities.
Read Post
jfrog

The Impact of CVE-2022-0185 Linux Kernel Vulnerability on Popular Kubernetes Engines

Feb 1, 2022 By Itay Vaknin and Jonathan Sar Shalom In JFrog
Last week, a critical vulnerability identified as CVE-2022-0185 was disclosed, affecting Linux kernel versions 5.1 to 5.16.1. The security vulnerability is an integer underflow in the Filesystem Context module that allows a local attacker to run arbitrary code in the context of the kernel, thus leading to privilege escalation, container environment escape, or denial of service.
Read Post
datadog

The PwnKit vulnerability: Overview, detection, and remediation

Jan 28, 2022 By Zack Allen In Datadog

On January 25, 2022, Qualys announced the discovery of a local privilege escalation vulnerability that it identified as PwnKit. The PwnKit vulnerability affects PolicyKit’s pkexec, a SUID-root program installed by default on many Linux distributions. The same day of the announcement, a proof of concept (PoC) exploit was built and published by the security research community.

Read Post
circleci

Running regular security scans with scheduled pipelines

Jan 24, 2022 By Fikayo Adepoju In CircleCI

Security is a vital part of application development, yet it may be neglected until an attacker takes advantage of a vulnerability in the system. The consequences of a security breach can damage an application’s integrity as well as a company’s reputation and revenue. Software architects and engineers need to pay special attention to securing the systems they work on.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.