Mirantis Secure Registry 3.0 makes repositories more secure and encrypted
Docker's software supply chain becomes more secure by providing a secure container registry to mitigate inherent risks
Mirantis has just launched a new product, Secure Registry 3.0, to deploy and build secure registries across any Kubernetes distribution. The in-built security features let custo...
Google and IBM want worldwide lists of essential open source software
Google and IBM see public-private partnerships as the solution to identifying and securing vulnerable open source software. "Open source software should receive the same funding as bridges and roads", said Kent Walker, Chief Legal Officer at Google.
IBM and Google presented the solution during a...
UK NHS warns of Log4j vulnerability in VMware Horizon
The UK's National Health Service (NHS) has issued a warning stating that hackers are actively exploiting Log4j vulnerabilities in unpatched VMware Horizon servers.
Log4j vulnerabilities are everything but a concern of the past. The problem continues to claim victims. The UK NHS recently issued a...
Security researchers find new Log4Shell in H2 database software
Security organization JFrog has found a vulnerability in H2. The problem is similar to Log4Shell, the infamous threat in Log4j.
H2 consoles on servers accessible from the outside can be abused for remote code execution (RCE). Multiple lines of code in H2 send URLs to a 'javax.naming.Context.look...
Failed to patch Log4j? You might be risking a million-dollar penalty
The US Consumer and Market Authority (Federal Trade Commission) is threatening fines of hundreds of millions of dollars for American organizations that fail to patch Log4j.
On December 9, Alibaba's cloud security team disclosed a vulnerability in Log4j. The wildly popular Java library is applied...
Log4j update in Microsoft 365 Defender causes stream of false notifications
The recently released Log4j update for Microsoft 365 Defender generated a stream of false notifications. Microsoft has since fixed the problem.
This week, Microsoft released an update for Microsoft 365 Defender to address the notorious chain of Log4j vulnerabilities. Unexpectedly, the update gen...
China-based Aquatic Panda hackers actively exploit Log4j
Aquatic Panda, a China-based hacking collective, directly exploited the Log4j vulnerability to attack an undisclosed academic institution. The attack was discovered and parried by CrowdStrike's Overwatch threat-hunting specialists.
According to CrowdStrike, China-based hackers launched an attack...
Microsoft issues Defender updates to address Log4j vulnerability
Microsoft updated several Defender solutions to defend users against exploits of Log4j. Among other things, the updates allow companies to identify and resolve Log4j vulnerabilities faster.
Specifically, Defender for Containers and Microsoft 365 Defender solutions underwent a change. Among other...
Apache releases new patch 2.17.1 for Log4j vulnerability
Another vulnerability was discovered in Log4j. Accordingly, the Apache Foundation released a patch. Version Log4j 2.17.1 fixes a newfound method for remote code execution.
The vulnerability was found in version 2.17.0 and named CVE-2021-44832. Authorization to modify the configuration file allow...
The White House invests in open-source software security
The Biden administration is investing in open-source software security. Bloomberg reports that several open-source software providers and developers were invited to a governmental meeting in mid-January 2021.
According to Bloomberg, U.S. National Security Advisor Jake Sullivan has invited key te...