Jan 03

Top 3 Most Viewed Posts in 2021

Hello,

Many thanks for your visit in 2021, we wish you all the best for the New Year 2022 to all of the loyal readers of Original-Network.com! Hope you have the energy and the element of good fortune we will all need to ensure a successful to the new year and a prosperous future beyond that. I would also like to thank Veeam Software (in particular Daria) which is the first supporter that sponsors this blog. Special thanks to our partner 2021: Quantum. Then thanks to Veeam France (in particular Anabel) and Monaco Digital – Avangarde, we organized 3 webinars and 2 events! Many events will be coming in 2022… 😉 Finally, special thanks to Philippe DUPUIS (Data Management & Security Eneginner @ Monaco Digital), we published the first blog post about Netwrix (Active Directory Security and Data Protection) and the first blog post about Quantum (LTO9 & Offline Backup with Quantum Active Vault). Discover Top 3 Most Viewed Posts in 2021 below…

 

Continue reading

Dec 22

[PODCAST] Veeam User Group France #1

Hi! Thank you for coming in a great number 3 weeks ago to Veeam User Group France #1 event focused on Backup Architectures secure by design and Security. I had the opportunity to participate in a live podcast in French with Yoann Castillo (Team Lead Systems Engineering @Veeam), and Eric Machabert (CISO & CTO @Maincare Solutions), talking about: Cloud, Data Protection and Security. Watch the recording of the live podcast in french below.

VUGFR 2021

Continue reading

Dec 19

Log4J 2.17.0 is published

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack. Log4J 2.17.0 fixes CVE-2021-45105.

 

Continue reading

Dec 14

Veeam is not affected by Log4J vulnerability

Apache isn’t used by any Veeam product, however, the Veeam security team realized an investigation. Veeam products are not affected by this vulnerability (KB 4254). Basically, Apache Logs4J is not in use by any Veeam products. I’ll cross-post any important updates but you can see the thread yourself here.

Veeam Availability Suite 11

Continue reading

Dec 13

Log4J Recommendations – Step by Step Guide

If you’re using any software running on Apache and Java, be aware of this critical zero-day vulnerability. Log4j is a ubiquitous logging tool included in almost every Java application, meaning this vulnerability affects literally millions of servers. The Log4J library vulnerability (CVE-2021-44228) allows an attacker to cause the target system to fetch and execute code from a remote location controlled by the attacker. The second stage, what the downloaded malicious code does next, is fully up to the attacker. This library is used by many software vendors and service providers globally as a standardized way of handling log messages within the software. This blog post is a step-by-step guide (recommendations) that you can follow.

 

Continue reading