Christopher GLEMOT

Data Management & Security Team Leader | Technical specialist around Data, Security, Backup, Disaster Recovery, Cloud, Governance, Virtualization and Storage | Veeam Vanguard 2016-21 & VMCE | Founder of ArmoricanCloud.com | Owner of original-network.com

Most commented posts

  1. Step by Step Guide Veeam Agent for Windows — 41 comments
  2. Step by Step Guide Veeam B&R 9.5 Upgrade (v9 to v9.5) — 27 comments
  3. Veeam Availability Suite 9.5 first full availability solution! — 23 comments
  4. VeeamON New Orleans – Veeam Availability Suite 10 – Some new features announced! — 19 comments
  5. Script to disable UAC Server on Windows Server 2016 — 18 comments

Author's posts

Dec 22

[PODCAST] Veeam User Group France #1

Hi! Thank you for coming in a great number 3 weeks ago to Veeam User Group France #1 event focused on Backup Architectures secure by design and Security. I had the opportunity to participate in a live podcast in French with Yoann Castillo (Team Lead Systems Engineering @Veeam), and Eric Machabert (CISO & CTO @Maincare …

Continue reading

Advertisement

Dec 19

Log4J 2.17.0 is published

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError …

Continue reading

Advertisement

Dec 14

Veeam is not affected by Log4J vulnerability

Apache isn’t used by any Veeam product, however, the Veeam security team realized an investigation. Veeam products are not affected by this vulnerability (KB 4254). Basically, Apache Logs4J is not in use by any Veeam products. I’ll cross-post any important updates but you can see the thread yourself here.

Continue reading

Advertisement

Dec 13

Log4J Recommendations – Step by Step Guide

If you’re using any software running on Apache and Java, be aware of this critical zero-day vulnerability. Log4j is a ubiquitous logging tool included in almost every Java application, meaning this vulnerability affects literally millions of servers. The Log4J library vulnerability (CVE-2021-44228) allows an attacker to cause the target system to fetch and execute code …

Continue reading

Oct 19

Conti initiates their attacks on Backup

Cyber groups (cartels) specifically target backup solutions in order to ensure that the victim has no other option except for paying the ransom. Conti group is particularly methodical in developing and implementing backup removal techniques (on-premise and cloud). The full analysis is available here (thanks to ADV INTEL) and is based on their actual proactive …

Continue reading

error

Enjoy this blog? Please spread the word :)