Facing today's ever more serious cybersecurity threats, software supply chain security has become an unavoidable focus for the developer community. From the jaw-dropping Apache Log4j incident to the recently exposed xz backdoor, what we are seeing is an unprecedented challenge: even tools used widely in daily work, such as Xcode, can quietly become a springboard for attackers. In this episode we take you deep into the stories behind software supply chain attacks, explaining in detail the technical principles behind these incidents and the hidden security risks. Together we discuss how, in today's increasingly complex software ecosystem, we can strengthen software security so that our code runs not only efficiently but also more safely and reliably. And now that pulling in open source libraries has become an inevitable choice for developers, how does the open source world try to keep security, vitality and trust in balance under this challenge? We have invited expert guests from the field, who share, from the perspective of the open source community, the efforts they have made in this security battle.
Hosts and guests of this episode: 姜宁 (Jiang Ning): Apache Software Foundation board member for 2022, 2023 and 2024, host of the ALC Beijing podcast. 杨牧天 (Yang Mutian): CEO of 北京中科微澜科技有限公司 (Beijing Zhongke Weilan Technology), leader of the Security Platform Working Group of the OpenAtom Foundation's Open Source Security Committee. 白宦成 (Bai Huancheng): developer ecosystem consultant, senior technical expert, Alibaba Cloud MVP, head of the Linux 中国 development team, and author or maintainer of several open source projects. 朱峰 (Zhu Feng): founder of the 津津乐道 podcast network, product and technology expert.
Production team: post-production / 卷圈; supervising producer / 姝琦; product coordination / bobo; co-produced with the RTE Developer Community; recording studio / 声湃轩 Beijing.
About 「编码人声」: 「编码人声」 is a podcast produced by the RTE Developer Community that covers industry change, developer career development, technical breakthroughs and entrepreneurship, with developers sharing work and life as developers see it. Guests include experts from CAICT (信通院) and science and technology commissions, senior domestic and international investors, leading founders in emerging fields such as VR/AR, virtual humans and AIGC, internet celebrities and hardcore developers, and cross-disciplinary painters, writers and brewers. The RTE Developer Community is a neutral developer community focused on real-time engagement. Beyond pure technical exchange, we believe developers carry a richer individual value. Industry change, developer career development, resources for technical entrepreneurship: we run alongside developers to share, build and grow together. At the end of 2023 the community formally launched a "host + working group" operating model and confirmed three co-hosts: 01.AI open source lead @林旅强 Richard; FreeSWITCH Chinese community founder @杜金房; Xiaohongshu audio/video architecture lead @陈靖. This program is co-produced and broadcast by the 津津乐道 podcast network and the RTE Developer Community.
In this episode of Storm Watch, the hosts discuss a variety of cybersecurity topics, starting with the discovery of an Android mobile botnet. They note that mobile traffic has been trending upward since the end of March, with a significant increase in April. The botnet is attributed to a banking Trojan, and the hosts emphasize the importance of keeping mobile devices updated and being cautious with app installations and link clicks. The conversation then shifts to recent cyber incidents, including the VMware Aria vulnerability and the Fortinet and Zyxel pre-auth injection vulnerabilities. The hosts stress the importance of staying on top of updates and considering additional security measures for these devices. They also mention the ongoing "MOVEit" campaign, which has impacted over 100 organizations and exposed over 5 million records. Next, the hosts touch on the Apache Log4j vulnerability, noting a recent spike in activity that has since returned to its previous baseline. They also discuss an advisory on an ICS monitoring device with a hardcoded password vulnerability, emphasizing the potential high value for attackers targeting industrial control systems. Finally, the hosts address a recent UPS data disclosure letter, which has been criticized for its lack of clarity. They emphasize the importance of transparency and straightforward communication when it comes to security incidents and data breach notifications.
No, the title of this episode is not misleading, which makes the situation all the more worrying for users of Apple products. According to an AtlasVPN report, the data of more than one and a half billion Apple devices worldwide could be exposed to security flaws. Some cybercriminals have reportedly already begun to exploit them, notably through the Safari browser. Discovering vulnerabilities in a phone or a web browser is nothing surprising; it is the daily routine of researchers and ethical hackers working to advance cybersecurity. But discovering 380 new security flaws in a single year, most of them in the same web browser, is both very rare and extremely worrying. These hundreds of flaws were identified in the Apple ecosystem in 2021, a staggering 467% increase over 2020. While the hackers' main entry point was Safari, Apple's default browser, every product is affected because of interconnectivity. Apple products communicate easily with one another, which is very convenient for exchanging files or switching from one device to another effortlessly while continuing one's work. But a flaw in one product exposes the entire chain of interconnected devices to attackers. In 2021, Apple claimed more than one and a half billion devices worldwide... a figure that must have risen further in 2022 to approach the 2 billion mark. In detail, the most dangerous flaw detected at Apple is CVE-2021-30858, with a score of 8.8 / 10. The devices at risk are iPhones and iPads on iOS 14.8, as well as Macs running macOS Big Sur 11.6.
Concretely, this vulnerability lets attackers slip viruses and ransomware onto the device before quietly extracting all of the user's personal data and credentials. To protect yourself, it is recommended to update your devices as soon as possible. The AtlasVPN report also named the worst vulnerability of 2021: "Apache Log4j". This flaw lets hackers gain complete control of servers and exploit the system without any limit. When such flaws affect tech giants like Microsoft, Apple or Google, billions of users are at risk. Again, make sure to update your devices as soon as possible to avoid the worst.
Hello and welcome to CHAOSScast Community podcast, where we share use cases and experiences with measuring open source community health. Elevating conversations about metrics, analytics, and software from the Community Health Analytics Open Source Software, or short CHAOSS Project, to wherever you like to listen. Today, we are super excited to have as our guest, Avi Press, Founder and CEO of Scarf. Avi tells us all about Scarf, Scarf Gateway, the tools that complement it, and details how Scarf is helping open source software developers use data effectively. Also, Avi shares something he was surprised about early on with usage of open source projects. Download this episode now to find out much more, and don't forget to subscribe for free to this podcast on your favorite podcast app and share this podcast with your friends and colleagues! [00:02:18] Avi tells us more about his background, what brought him into open source, and what led him to start Scarf. [00:04:13] We learn more about how Scarf works and what the tool is collecting. [00:06:44] Kate asks Avi if he's looking at being able to generate software bills of materials and make them available at all, or whether that is something he's contemplating. [00:08:18] Avi explains their policies for maintainers, and Kate tells us more about a census coming out from people doing code scans that Avi is interested in. [00:14:55] We hear a story about a package that Avi first built called scarf-js on npm. [00:18:00] Sophia wonders, from a practical standpoint, what the user experience is so that users know they're interacting with Scarf. [00:20:15] Another question Sophia asks Avi circles back to what a user is, knowing there's a lot of overlap between activity, new user contributors, and everything in between, and she wonders how that's handled in the tool. [00:22:10] Avi explains how they encourage maintainers to collect usage data.
[00:23:54] Avi had mentioned that having insights and data about the usage of open source can help an open source project become more sustainable, and he shares examples that he's seen already put in place. [00:26:46] Kate asks Avi how he sees what he's sharing back to the projects differing from the clones out there. [00:28:05] We learn something that surprised Avi early on being the middleman. [00:29:24] Find out where you can follow Avi online. Value Adds (Picks) of the week: [00:30:12] Georg's pick is having a proud father moment with his son. [00:30:54] Kate's pick is Log4j, which is helping to really illustrate the need for SBOMs and tracking dependencies. [00:31:26] Sophia's pick is an electric tea kettle she just acquired. [00:33:05] Avi's picks are two open source projects that he uses: org-mode and org-roam. Panelists: Georg Link, Sophia Vargas, Kate Stewart. Guest: Avi Press. Sponsor: SustainOSS (https://sustainoss.org/) Links: CHAOSS (https://chaoss.community/) CHAOSS Project Twitter (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) podcast@chaoss.community (mailto:podcast@chaoss.community) Avi Press Website (https://avi.press/) Avi Press Twitter (https://twitter.com/avi_press) Avi Press LinkedIn (https://www.linkedin.com/in/avi-press-4437a356/) Scarf (https://about.scarf.sh/) Scarf Twitter (https://twitter.com/scarf_oss) Scarf-GitHub (https://github.com/scarf-sh) Scarf-js (https://www.npmjs.com/package/@scarf/scarf) Apache Log4j (https://logging.apache.org/log4j/2.x/) Org Mode (https://orgmode.org/) Org-roam (https://www.orgroam.com/) Special Guest: Avi Press.
Cloud Security News this week 23 February 2022 Brought to you by JupiterOne - Find out more about them at https://jupiterone.com/csp To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
DITA in the "docs as code" model? Who has ever seen such a thing? Can it be done, and does it even make sense? After theorizing about it, the time came for concrete action. We talk about what we have managed to do so far to roll out "DITA as code" in our organization. We cover the tooling, an example process for making documentation changes, the difficulties we ran into, and the next steps. If "DITA from git" is close to your heart, we invite you to listen. The sounds used in the episode come from the "107 Free Retro Game Sounds" collection available at https://dominik-braun.net, released under the Creative Commons CC BY 4.0 license. Additional information: "#16 DITA z Gita", Tech Writer koduje: https://techwriterkoduje.pl/blog/2020/04/22/dita-z-gita "#8 DITA OT - static site generator dla wtajemniczonych", Tech Writer koduje: https://techwriterkoduje.pl/blog/2019/09/28/dita-ot The DITA standard (Darwin Information Typing Architecture): https://en.wikipedia.org/wiki/Darwin_Information_Typing_Architecture Component Content Management System (CCMS): https://en.m.wikipedia.org/wiki/Component_content_management_system Git: https://git-scm.com/ "Docs as code", Write the Docs: https://www.writethedocs.org/guide/docs-as-code/ Bitbucket: https://bitbucket.org/ Git submodules: https://www.atlassian.com/git/tutorials/git-submodule Bitbucket pull requests: https://www.atlassian.com/git/tutorials/making-a-pull-request Oxygen XML: https://www.oxygenxml.com/#bidx-xml-author "Krytyczna podatność w bibliotece Apache Log4j" (Critical vulnerability in the Apache Log4j library): https://cert.pl/posts/2021/12/krytyczna-podatnosc-w-bibliotece-apache-log4j/ Sourcetree: https://www.sourcetreeapp.com/ DITA Open Toolkit (DITA OT): https://www.dita-ot.org/ Docker: https://www.docker.com/ Amazon Simple Storage Service (S3): https://aws.amazon.com/s3/ TeamCity: https://www.jetbrains.com/teamcity Schematron: https://www.schematron.com/ "Content Reuse": https://paligo.net/docs/en/content-reuse.html Git hooks: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks "Readability – what is it and how do I improve it?", Paweł Kowaluk (soap! 2018): https://www.youtube.com/watch?v=LzrHrIOHhz8
Guest Sarah Gran | Josh Aas Panelists Richard Littauer | Justin Dorfman Show Notes Hello and welcome to Sustain! The podcast where we talk about sustaining open source for the long haul. We are super excited to have two guests today, Sarah Gran and Josh Aas, who both work for ISRG, the Internet Security Research Group which consists of three projects: Let's Encrypt, Divvi Up, and Prossimo. Sarah is a VP of Communication and fundraising for ISRG, and Josh is the Executive Director at ISRG. They are both working on Prossimo to bring memory safe code to critical digital infrastructure, which they will explain more in depth today. We also learn about some other projects they are investing in this year, and Sarah and Josh share some positive things they're really excited about happening in 2022 with Prossimo. Go ahead and download this episode now to find out more! [00:02:03] We find out what ISRG is and how they choose which projects to focus on. [00:04:53] Josh explains the difference between Prossimo and Rust. [00:07:07] Josh and Sarah explain why memory allocation is so important. [00:10:33] Justin wonders if Log4j is on their radar in terms of funding, if that's something ISRG can help them with, and how that has brought more attention to memory safe languages. [00:13:03] We hear about the relationship ISRG has with the Linux Foundation. [00:15:21] Sarah shares what they've done so far to make the Prossimo project sustainable. [00:18:21] We find out what the budget is for running ISRG, and how they make that budget for what they are trying to accomplish. [00:22:40] Josh tells us about using Linkerd if you're looking for memory safety in that space. [00:24:40] Besides working on major projects that have had massive impacts like he had with Let's Encrypt, Josh shares things that have been difficult for him this year. [00:27:02] Josh explains how Cloudflare deals with DDoS attacks, and if there's been any open line of communication with NginX. 
[00:29:55] Josh and Sarah detail what they're doing to get the word out about Prossimo, which includes four criteria they use to decide what they're going to engage with. [00:33:18] We hear about some projects they are investing in this year, such as Rustls, the Linux kernel, and NTP. [00:35:07] What are Sarah and Josh most excited about happening in 2022? [00:41:35] Find out where you can follow Josh, Sarah, and Prossimo online. Quotes [00:04:05] “We just like to do a lot of research about what we're doing. We're not a throw it at the wall and see what sticks organization.” [00:12:05] “From my perspective in communications and fundraising, I think this is a great moment for us to help people understand that memory safety isn't at the crux of Log4j.” [00:14:31] “Rising tides raises all ships.” [00:25:27] “We have a huge amount of history that tells us C++ code is not safe.” [00:29:25] “I really hope that ten years from now, the number one web server is not written in C, that cannot happen, we can't allow that to happen. Popular web servers written in C need to go.” [00:36:37] “We can have a plan to boot OpenSSL off the internet. That's a dream of mine and I think that's an achievable goal.” Spotlight [00:38:09] Justin's spotlight is Twitter communities. [00:38:33] Richard's spotlight is Karl Becker. [00:39:14] Sarah's spotlight is Crowdin. [00:40:43] Josh's spotlight is Qubes OS.
Links SustainOSS (https://sustainoss.org/) SustainOSS Twitter (https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) SustainOSS Discourse (https://discourse.sustainoss.org/) SustainOSS Podcast (https://podcast.sustainoss.org/) Josh Aas Twitter (https://twitter.com/0xjosh?lang=en) Josh Aas LinkedIn (https://www.linkedin.com/in/josh-aas-406a772) Sarah Gran Twitter (https://twitter.com/sarahgrrrrrrran) Sarah Gran LinkedIn (https://www.linkedin.com/in/sarah-gran-saline) Internet Security Research Group (https://www.abetterinternet.org/) Prossimo (https://www.memorysafety.org/) Let's Encrypt (https://letsencrypt.org/) Apache Log4j (https://logging.apache.org/log4j/2.x/index.html) Linkerd (https://linkerd.io/) Justin Dorfman Twitter (https://twitter.com/jdorfman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Crowdin (https://crowdin.com/) Karl Becker GitHub (https://github.com/karlbecker) Qubes OS (https://www.qubes-os.org/) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guests: Josh Aas and Sarah Gran.
In our first look at the research highlights of 2022, we take a deep dive into Tenable's 2021 Threat Landscape Retrospective, and look at the incidents, attacks and notable vulnerabilities that made up the past year. We also look at new advisories from January 2022, with new patches from Microsoft and ZoHo, and the new CVEs in Apache Log4j 1.x.
Threat Landscape Retrospective Download Page | TLR Webinar Registration Page | TLR Blog Post | PrintNightmare CVE-2021-36958 | Tenable Log4j Website | ZoHo Patches | Microsoft January Patches
Follow along for more from Tenable Research: Subscribe to the blog | Follow Tenable's Zero Day team on Medium
In our first episode of 2022, Chris Goettl and Daniel Spicer unpack one of last year's biggest vulnerabilities: Apache Log4j. The conversation includes: What is Log4j? The difficulty of detecting Log4j and developing guidance for organizations. Why security teams and IT teams are stuck in a Catch-22 of patching. The latest guidance you can use for your organization. Check out cisecurity.org and Ivanti's article on Log4j.
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
Microsoft issues updates on the critical Apache Log4j vulnerability and active exploits
HR and payroll giant Kronos experiences weeks-long ransomware outage
EHR vendor QRS has been sued for insufficient cybersecurity protections in the wake of a major breach
Healthcare provider settles for $425,000 cybersecurity enforcement from NJ state attorney general
OCR issues guidance on Extreme Risk Protection Orders
HIPAA Privacy Rule and OCR enforcement changes due to come into effect in 2022
EHR giant Cerner is acquired by Oracle; implications for healthcare organizations
NIST launches new international cybersecurity and privacy resources website
Norton antivirus discovered to be pre-loaded with crypto mining software
Sponsored by SEC Playground. Survey to improve the Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support
Give your security guys a hug, a socially distanced one, because we are in the middle of a pandemic and we aren't savages. They had a very bad holiday trying to deal with the Log4j exploit that hit in December. If you are confused as to what this is all about, stay tuned. Hey everybody, this is Chris Brandt, welcome to another FUTRtech video podcast. On December 9th, a remote code execution bug in Apache Log4j 2 was discovered being exploited in the wild. This exploit was alarming for two reasons: it is very widely used and it is a very easy exploit to perform. Minecraft, Apple's iCloud and Amazon Web Services are just some of the major services impacted by this. Additionally, after the exploit came to light, bad actors started actively scanning the Internet for vulnerable systems. So what is Log4j? Log4j is an open source logging utility used by Java applications. Most systems log an enormous amount of events for analysis and troubleshooting, and Log4j is responsible for writing and processing those log files. For example, say you request a page from a web server that doesn't exist; if the server is running Java it would likely log this failed attempt through Log4j. The part that was exploited was the Context Lookup feature, which, like it says, adds additional context to the logs, such as the currently logged-in user. By submitting a specially crafted request, the application would execute code to either download additional exploits or to exploit functions on the system directly. The exploit is fairly trivial to perform, and because of Log4j's wide use, this became a major problem for businesses over the holidays. With already overstretched security and development resources, this became a major undertaking for many people. Fortunately there is a patch available for this.
There are still some configuration details that you need to pay attention to, but getting this fixed should be a top priority for your organization. Thanks for watching; if you like what you saw, give us a like and think about subscribing, and I will see you in the next video. FUTRtech focuses on startups, innovation, culture and the business of emerging tech with weekly video podcasts where Chris Brandt and Sandesh Patel talk with industry leaders and deep thinkers.
Tried my hand for the first time at creating an audio drama, Techflick, which is a combo of satire and horror... true crime style! On Dec 9th 2021 a Java utility used worldwide, in legacy systems too, called Apache Log4j, mainly used for collating logs and details, was found to have a vulnerability that made it the worst of the decade; that's why it was also called a Zero Day Vulnerability! The first week was all about fixes, but then came the next week, when the cunning hackers came up with another DDoS attack that was even more risky! This show will take you through this journey in a funny yet infotaining yet horror way! If you like this please do rate us on Spotify and review us on Apple Podcasts too. Also don't forget to follow us on any podcast app you are listening to us on! Music used: Epidemic Sounds. I want to thank the entire star cast: Friend Caller: Deekshita, Sansani Anchor: Lakshay aka Sutta Buddy, Singers: Garima and Suyog, Hacker Witch: Anudeep, Developer: Himani Monalisa Dutta, Client: Anurag Sharma! --- Send in a voice message: https://anchor.fm/taleha-khan/message
Matthew and Michael chat about cybersecurity trends over the last year and discuss upcoming trends to look out for in 2022. They talk about the future of CMMC, risk management, and security awareness training. They also mention Apache Log4j and its vulnerabilities in 2021 that could continue to cause issues in the new year.
Tune in to today's episode while I review 2021's biggest cybersecurity news, talk about the latest in the Apache Log4J vulnerability and a new patch, and discuss why the right tools and how they're used matters for your business. For show notes and links discussed in the episode, here's our blog: https://insula.tech/tag/coffee-and-security
Because... it's episode 0x095! Preamble: Back to remote recording. Vince still has his gigantic office that produces an incredible echo. Shameless plug: COVID-19 April 4 to 6, 2022 - Québec Numérique - SéQCure 2022; April 4 to 8, 2022 - Québec Numérique - Semaine numériqc. Notes: Clearview AI: Canadian request for deletion of illegally collected data. Log4j: Apache takes off, nukes insecure feature at the heart of Log4j from orbit with v2.16; Apache Log4j Vulnerability Guidance; Bad things come in threes: Apache reveals another Log4J bug; Belgian Defense Ministry confirms cyberattack through Log4j exploitation; Statement From Cisa Director Easterly On “Log4J” Vulnerability; Already Compromised by Apache Log4j? Check Before You Patch; Iran exploited the Log4j vulnerability against Israel; Biden national security officials warn of ‘heightened risk' of ‘malicious cyber' activities around holidays; Microsoft warns of easy Windows domain takeover via Active Directory bugs; 33 million mobile devices were spied on during COVID; Amazon Fends Off Extra Privacy Fines After a Record Penalty in the EU. Contributors: Nicolas-Loïc Fortin, Vincent Groleau. Credits: Audio editing by Intrasecure inc; virtual premises by Zoom.
It is time for YusufOnSecurity, welcome back once again! In this episode we will go back to the best of 2021 episodes. There are quite a few popular ones. But first, let's recap the top trending security news. - techcommunity.microsoft.com: SAM Name impersonation - www.bleepingcomputer.com: Microsoft warns of easy Windows domain takeover via Active Directory bugs - https://www.cisa.gov: CISA, FBI, NSA and international partners issue advisory to mitigate Apache Log4j vulnerabilities - https://github.com: CISA Scanner Be sure to subscribe! If you like the content, follow me @iayusuf or read my blog at https://yusufonsecurity.com/ You will find a list of all previous episodes in there too.
Welcome to the penultimate episode of 2021 as we head into the new year and get ready to add video to this and our other tabGeeks shows. Don't worry, if you prefer audio, we will still be pushing the audio as podcasts, and the video will be of us recording the podcast, not converting it into a video show that also dumps the audio track into a podcast. If you listen to us on Spotify, they just launched ratings, we would greatly appreciate it if you could give us a rating! Thank you!
Silent Releases: The filmstrip in Google Slides is now collapsible.
Published Releases: Prevent unwanted invitations from being added to your calendar; New notifications when Drive content violates abuse program policies; Content compliance rule to cc admins; Easily see which account you're currently using in Google Calendar on mobile; Automatically move breakout room participants back to the original meeting; Use your Google Meet hardware-connected displays as digital signage; Expanded occupancy detection capabilities for Google Meet hardware devices; Configure member restrictions for groups, now generally available; Making dynamic groups more powerful with custom user attributes and OrgUnit queries.
Other Topics: Kim Nilsson mentioned the great deals offered as part of the Work Safer program are US only; Google Meet Duo drama; Google Cloud recommendations for investigating and responding to the Apache “Log4j 2” vulnerability.
Hit the subscribe button, engage with us on Twitter at @WorkspaceRecap and on our website at workspacerecap.com Check out our other shows as well as our weekly newsletter and Slack Community at www.tabgeeks.com!
In this podcast episode, we talked about the Apache Log4j vulnerability exploit that is striking fear into the software world and what can be done to remediate it. Joining us is Kristin Hazelwood, Vice President and General Manager of HCL's BigFix product.
What's up, everyone! In this episode, Ryan and Shannon discuss how the Apache Log4j vulnerability just won't seem to go away. Please LISTEN
This week we discuss the Apache Log4j vulnerability and the impact it will have on organizations now and into the future, details on how Apple AirTags are being used by thieves to steal cars, and an FBI training document that describes what data can be obtained from encrypted messaging apps. ** Links mentioned on the show […] The post Log4j Vulnerability, Apple AirTags Used by Thieves, FBI's Encrypted Messaging App Document appeared first on The Shared Security Show.
It is time for YusufOnSecurity, welcome back once again! In this episode we will stay on the topic of the still-developing Log4j vulnerability. - https://threatpost.com: Malicious Joker App Scores Half-Million Downloads on Google Play - https://www.bleepingcomputer.com: Karakurt: A New Emerging Data Theft and Cyber Extortion Hacking Group - https://yusufonsecurity.com: Log4j vulnerabilities Be sure to subscribe! If you like the content, follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too.
On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec Threat Analyst Alan Neville to discuss the vulnerabilities in Apache Log4j that made lots of headlines this week. We also discuss two other blogs that Symantec published this week, including one looking at an attack campaign aimed at telecoms companies in the Middle East and Asia that appears likely to have originated from Iran-based attackers. Meanwhile, we also talk about a blog we published covering details about a new Rust-based malware we have dubbed Noberus (ALPHV/BlackCat). This is our last Cyber Security Brief podcast of 2021, we will be back on January 13.
Due to a last-minute interview cancellation, this is a shorter episode than usual, but I discuss, and try to explain, the newly discovered Apache Log4j vulnerability, and I review the top cyber incidents of 2021. I know that is a little early, but I figured I'd get it in before everyone started doing it. Link to GitHub site mentioned in podcast: log4shell/software at main · NCSC-NL/log4shell · GitHub If you have feedback on the podcast, email me at darren@thecyburguy.com
Cloud Security News this week 15 December 2021 This week, the world of cybersecurity has been consumed by the Log4Shell vulnerability. So what's it all about? Log4j is a Java library for logging error messages in applications. It was developed by the open-source Apache Software Foundation and is a key Java logging framework. The critical zero-day security vulnerability has been named ‘Log4Shell' and has a maximum CVSS (Common Vulnerability Scoring System) score of 10. The zero-day had been exploited at least nine days before it surfaced on Thursday. This vulnerability puts any device connected to the internet and running Apache Log4j versions 2.0 to 2.14.1 at risk. This impacts cloud services, developer services, security devices, mapping services, and more. AWS has released details on how the flaw impacts its services and said it is working on patching its services that use Log4j and has released mitigations for services like CloudFront. This can be viewed here. Microsoft has also released guidance for preventing, detecting, and hunting for Log4j exploitation here, and Google Cloud is also “actively following the security vulnerability” and has released recommendations for investigating and responding to the Apache “Log4j 2” vulnerability here. IBM said it is "actively responding" to the Log4j vulnerability across IBM's own infrastructure and its products; details can be found here, and Oracle has issued a patch too, here. A comprehensive list of all known software vulnerable and not vulnerable to Log4Shell is available on GitHub, along with any known fixes, here. This vulnerability is being exploited to install malware, mine cryptocurrency, perform DDoS attacks, drop Cobalt Strike beacons, scan for vulnerable servers and exfiltrate information. To finish on a note other than Log4j: have you heard about Dazz? Well if you haven't, they are a one-year-old cloud security remediation startup that recently closed another round of funding and raised 60 million dollars.
Dazz is looking to automate cloud security through their AI-driven product in a developer-friendly way. You can find out more about them here. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News
We speak with Ariel Zeitlin, VP, CTO Enterprise Security Group at Akamai Technologies, and Chris Gibbs, Managing Director and Regional Vice President, Australia and New Zealand. Ariel co-founded Guardicore after spending 11 years as an officer in the Israeli Defense Forces (IDF), where he worked closely with Guardicore's co-founder Pavel Gurvich. At Akamai, Ariel is focusing on building a best-in-class Zero Trust platform. Chris joined Akamai in 2021 with more than 20 years of strategic leadership experience within the technology and telecommunications sector, across both Australia and Asia-Pacific & Japan (APJ). In September 2021, Akamai Technologies, Inc. (NASDAQ: AKAM) announced it will acquire Tel Aviv, Israel-based Guardicore. By adding Guardicore's micro-segmentation solution to Akamai's extensive Zero Trust security portfolio, Akamai has broadened its solution suite to provide comprehensive protections to the enterprise, defending against threat actors and the spread of malware and ransomware. We also discuss the Apache Log4j library vulnerability (CVE-2021-44228) that was exposed days earlier. The vulnerability, also named Log4Shell or LogJam, has a CVSS severity level of 10 out of 10. The vulnerability allows hackers to execute arbitrary code and potentially take full control of a system. On 10 December, a Friday morning (US time), an exploit was publicly released for the critical zero-day vulnerability. Reports indicate hackers need the application to write just one string to the log. From there, hackers can remotely upload their own code to the application via the message lookup substitution function. Millions of servers are reportedly at risk, including those used by high-profile companies, including Apple, Cloudflare, Twitter, Valve, Tencent, iCloud, Steam, and Minecraft.
Further Reading
https://www.akamai.com/resources/ebook/5-step-ransomware-defense-ebook
https://www.akamai.com/resources/white-paper/stop-the-impact-of-ransomware-white-paper
Threatpost podcast: Cybereason CTO Yonatan Striem-Amit shares details about the company's vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show having been disclosed.
2021-12-14 Weekly News - Episode 128
Watch the video version on YouTube at https://youtu.be/_GrDec5PVwg
Hosts: Gavin Pickin - Senior Developer for Ortus Solutions; Dan Card - Software Developer for Ortus Solutions
Thanks to our Sponsor - Ortus Solutions, the makers of ColdBox, CommandBox, ForgeBox, TestBox and almost every other Box out there. A few ways to say thanks back to Ortus Solutions: like and subscribe to our videos on YouTube; subscribe to our Podcast on your podcast apps and leave us a review; sign up for a free or paid account on CFCasts, which is releasing new content every week; buy Ortus's new book, 102 ColdBox HMVC Quick Tips and Tricks, on Gumroad (http://gum.co/coldbox-tips).
Patreon Support: We have 37 patrons providing 97% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions.
News and Events
New Host - Dan Card: Dan introduces himself and gives a quick rundown of his CFML experience.
Log4j Vulnerability Reported: There is a critical security vulnerability (CVE-2021-44228, aka Log4Shell) in the Java library log4j, which is a popular logging library for Java applications. It is included in both Adobe ColdFusion and Lucee, for example. Putting together some info to help sort this issue out as it pertains to ColdFusion and Lucee users. I'll update this entry as needed. https://www.petefreitag.com/item/923.cfm
Adobe's update on the matter (thanks Charlie for pointing this out): Blog - https://coldfusion.adobe.com/2021/12/update-log4j-vulnerability/ ; Update - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html
TL;DR for Adobe: There is a critical security vulnerability (CVE-2021-44228) in Log4j, which is a popular logging library for Java-based applications. The vulnerability also impacts Adobe ColdFusion. Adobe is investigating any potential impact and is taking action, including updating affected systems to the latest versions of Apache Log4j recommended by the Apache Software Foundation. ColdFusion plans to release a patch (versions 2021, 2018) for this log4j vulnerability to customers on 12/17/2021. VERY FAST FOR ADOBE - THEY DON'T MOVE FAST USUALLY. In the meantime, we recommend that ColdFusion users apply the following workarounds/mitigation steps until this patch is released.
Lucee is not affected: https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331
Charlie's blog on the matter: https://www.carehart.org/blog/2021/12/14/about_the_log4jshell_pandemic
https://coldfusion.adobe.com/2021/12/dealing-recent-log4j-vulnerability-adobe-releases-update/
More news links about Log4j: https://www.zdnet.com/article/log4j-flaw-attackers-are-making-thousands-of-attempts-to-exploit-this-severe-vulnerability/
New CommandBox Feature: Add the equivalent of the mod_cfml Tomcat valve into CommandBox as an Undertow handler to auto-create contexts based on the front-end server's virtual hosts. Support the same request headers and behavior as mod_cfml. Ideally, this should have drop-in support behind BonCode IIS or Apache's mod_cfml module. Support a max contexts setting. Make this new behavior off (opt-in) by default. Support and require a shared key for security (note: the current mod_cfml Tomcat valve does not require the shared key, but we will). https://ortussolutions.atlassian.net/browse/COMMANDBOX-1411
CBSecurity v2.15.0 released
In this episode we will cover an actively exploited vulnerability whose importance cannot be overstated. Well, the Internet is on fire, as someone put it. In addition, we will recap other top trending security news, which includes:
- https://blog.mozilla.org: Site Isolation in Firefox
- https://en.wikipedia.org: Same Origin Policy
- eclypsium.com: When honey bees become murder hornets
- logging.apache.org: Apache log4j vulnerability
- https://www.cisa.gov: Most commonly exploited vulnerabilities
Be sure to subscribe if you like the content! Follow me @iayusuf or read my blog at https://yusufonsecurity.com. You will find a list of all previous episodes there too.