Operations | Monitoring | ITSM | DevOps | Cloud

Just when the Microsoft Exchange exploit CVE-2021-26855 thought it would win the “Exploit of the year” award, it got unseated by the – still evolving – Log4J exploit just weeks before the end of the year! Had somebody asked Sysadmins in November what Log4J was then I suspect that the majority would have had no idea. It seems that the biggest challenge the Log4J exploit poses for Sysadmins is simply the fact that nobody knows all the places where Log4J is being used.

On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j 2 version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code on the vulnerable server. This vulnerability was registered on the National Vulnerability Database as CVE-2021-44228, with a severity score of 10. Here is a diagram of the attack chain from the Swiss Government Computer Emergency Response Team (GovCERT).

At Avantra, our customers trust us to keep their business operations based on SAP running smoothly. I have written in the past about the importance of SAP security, and how I believe that in the next few years, SAP risks becoming an attack vector for hackers. It should come as no surprise that security is an area in which Avantra has invested significantly since I became CEO.

Recent news about Log4j has enterprises and vendors scrambling for information and answers, including customers of messaging middleware and Integration Infrastructure Management (i2M) products. Nastel Technologies customers will not be exposed to any risks from this vulnerability, but enterprises are encouraged to check with their Cloud and other solution vendors to protect themselves and their data.

On December 9, 2021, a critical vulnerability in the popular Log4j Java logging library was disclosed and nicknamed Log4Shell. The vulnerability is tracked as CVE-2021-44228 and is a remote code execution vulnerability that can give an attacker full control of any impacted system. In this blog post, we will: We will also look at how to leverage Datadog to protect your infrastructure and applications.

This is the first part of a blog post series about bytecode transformations on Android. In this part we’ll cover different approaches to bytecode manipulation in Java as well as how to make it work with Android and the Android Gradle plugin. In the next two parts we’ll dive into the actual bytecode, bytecode instructions and how we can modify the bytecode and inject our own instructions, using Room as an example.

By now, you’re probably assessing your level of exposure — or are in the middle of remediating — the recently disclosed vulnerability known as Log4Shell. We recently introduced a native integration with Snyk, a leading provider of developer security solutions, to help you address zero-day vulnerabilities. Once enabled, Snyk scans your code and its dependencies, and alerts you about security vulnerabilities, including Log4j. All current versions of Log4j 2 up to 2.14.1 are vulnerable.