Operations | Monitoring | ITSM | DevOps | Cloud

Vulnerability

SAP HotNews and CVE kernel patch: Securing your SAP systems

Feb 24, 2022 By Avantra In Avantra
New ICMAD bugs require immediate attention and patching for SAP systems The dust has not yet settled on the CVSSv3 10.0 score Log4j security vulnerability that hit in December 2021. Last week, a new group of three security vulnerabilities were published by SAP, which all relate to SAP’s Internet Communication Manager (ICM or ICMAD). Once again, one of these vulnerabilities has a CVSS v3.0 base score of 10/10. In contrast to Log4j, the latest threats only impact SAP customers, but they need immediate attention.
View Video
opsramp

How We Used Our Own Platform Capabilities to Prevent Log4j Attacks and Protect Customers

Feb 22, 2022 By Manjunath M In OpsRamp

In December, information security researchers discovered a serious vulnerability in the popular open-source logging library, Log4j. If exploited, this vulnerability, known as Log4Shell, could allow malicious attackers to execute code remotely on any targeted computer. Millions of computers use Log4j. According to one study, 93% of all cloud environments are affected by the vulnerability.

Read Post
virtualmetric

How To Detect and Prevent Zero-Day Vulnerabilities With Smart Infrastructure Monitoring Tool

Feb 16, 2022 By Antonia Shehova In VirtualMetric

“End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare.”, federal cybersecurity CTO Matt Keller says. Ensuring a high level of security for your IT infrastructure and being sure you have not missed something is hard to arrange during these days. A zero-day exploit happens when hackers identify a software weakness or a security gap and take advantage of it to perform a cyberattack.

Read Post
appdynamics

Log4j vulnerability highlights the value of a combined security and observability approach

Feb 15, 2022 By Randy Birdsall In AppDynamics

When we launched AppDynamics with Cisco Secure Application in early 2021, it was the industry’s first integrated application performance management (APM) and runtime application security offering. We made a bold bet that consolidated monitoring would become increasingly important and provide significant benefits such as improved security capabilities and reduced costs. It was the right bet.

Read Post
jfrog

CVE-2021-44521 - Exploiting Apache Cassandra User-Defined Functions for Remote Code Execution

Feb 15, 2022 By Omer Kaspi In JFrog
JFrog’s Security Research team recently disclosed an RCE (remote code execution) issue in Apache Cassandra, which has been assigned to CVE-2021-44521 (CVSS 8.4). This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra.
Read Post
site24x7

Top 7 lessons from the 2021 Log4j vulnerability

Feb 9, 2022 By Ram Kumar Ramaswamy In Site24x7

The Log4Shell (CVE-2021-44228) zero day vulnerability in the Java logging framework Log4j (versions 2.0 to 2.14.1) was revealed on December 9, 2021. The Apache Foundation assigned the maximum CVSS score of 10 to Log4Shell, as millions of servers and potentially, billions of devices came under risk. Security professionals around the world began patching the vulnerability, and scanning their systems to rule out any potential breach.

Read Post

New Year, New Features in Xray

Feb 8, 2022 By JFrog In JFrog
Let’s start 2022 off the right with new features and updates that will extend JFrog Xray’s power and reach in addressing challenges with securing your binaries from development to production. Join Sarit Tager, VP Product Security as she discusses how Xray provides intelligent supply chain security and compliance at DevOps speed. JFrog Xray is a software composition analysis (SCA) solution that scans your open source software (OSS) dependencies for security vulnerabilities and license compliance issues.
View Video
jfrog

CVE-2021-44142: Critical Samba Vulnerability Allows Remote Code Execution

Feb 8, 2022 By Itay Vaknin, Brian Moussalli In JFrog
Recently, a critical out-of-bounds vulnerability, assigned to CVE-2021-44142, was disclosed in Samba versions prior to 4.13.17. The Samba vulnerability carries a critical CVSS of 9.9 and allows attackers to remotely execute code on machines running a Samba server with a vulnerable configuration. The vulnerability was disclosed as part of the Pwn2Own Austin competition where researchers are challenged to exploit widely-used software and devices with unknown vulnerabilities.
Read Post
avantra logo

How to prevent SAP security vulnerabilities:

Feb 7, 2022 By Avantra
SAP creates some of the world's most popular products for managing information, with more than 400 million users worldwide. But SAP connectivity presents one of the biggest security risks for your company. In this ebook, we will consider some of the steps you can take to secure your SAP systems: we'll explore how SAP systems can be compromised, plus we will investigate some of the ways to prevent this from happening.
Get EBook
jfrog

The Impact of CVE-2022-0185 Linux Kernel Vulnerability on Popular Kubernetes Engines

Feb 1, 2022 By Itay Vaknin and Jonathan Sar Shalom In JFrog
Last week, a critical vulnerability identified as CVE-2022-0185 was disclosed, affecting Linux kernel versions 5.1 to 5.16.1. The security vulnerability is an integer underflow in the Filesystem Context module that allows a local attacker to run arbitrary code in the context of the kernel, thus leading to privilege escalation, container environment escape, or denial of service.
Read Post
Subscribe to Vulnerability

Copyright © 2024 OpsMatters™. All rights reserved.