Category: Data Protection

Dec 19

Log4J 2.17.0 is published

By Christopher GLEMOT in Data Protection, Security, Vulnerability Management

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError …

Dec 14

Veeam is not affected by Log4J vulnerability

By Christopher GLEMOT in Backup, Data Protection, Veeam, Vulnerability Management

Apache isn’t used by any Veeam product, however, the Veeam security team realized an investigation. Veeam products are not affected by this vulnerability (KB 4254). Basically, Apache Logs4J is not in use by any Veeam products. I’ll cross-post any important updates but you can see the thread yourself here.

Apache, KB 4254), Log4J, Log4Shell, Veeam, Vulnerability
2 comments

Dec 13

Log4J Recommendations – Step by Step Guide

By Christopher GLEMOT in Data Protection, Security, Vulnerability Management

If you’re using any software running on Apache and Java, be aware of this critical zero-day vulnerability. Log4j is a ubiquitous logging tool included in almost every Java application, meaning this vulnerability affects literally millions of servers. The Log4J library vulnerability (CVE-2021-44228) allows an attacker to cause the target system to fetch and execute code …

Apache, CVE-2021-44228, LDAP, Log4J, Log4Shell, Vulnerability
1 comments

Nov 02

Defending Against Crypto-Ransomware with Netwrix

By Philippe DUPUIS in Active Directory, Cryptolocker, Data, Data Governance, Data Protection, Hardening, Ransomware, Security

Hi, today we will discuss about data governance and more especially a software called: Netwrix Auditor. Netwrix Auditor is a visibility and governance platform that enables control over changes, conﬁgurations, and access in hybrid cloud IT environments to protect unstructured data regardless of its location. The platform provides security analytics to detect anomalies in user …

Oct 19

Conti initiates their attacks on Backup

By Christopher GLEMOT in Backup, Cryptolocker, Data Protection, Hardening, Ransomware, Security, Veeam

Cyber groups (cartels) specifically target backup solutions in order to ensure that the victim has no other option except for paying the ransom. Conti group is particularly methodical in developing and implementing backup removal techniques (on-premise and cloud). The full analysis is available here (thanks to ADV INTEL) and is based on their actual proactive …

Backup, Conti, Data, Hardening, Offline Backup, Protection, Ransomware, Veeam
6 comments

Category: Data Protection

Log4J 2.17.0 is published

Veeam is not affected by Log4J vulnerability

Log4J Recommendations – Step by Step Guide

Defending Against Crypto-Ransomware with Netwrix

Conti initiates their attacks on Backup

Follow me

Subscribe to Blog via Email

About me

Top Posts

Enjoy this blog? Please spread the word :)

Category: Data Protection

Log4J 2.17.0 is published

Share this:

Veeam is not affected by Log4J vulnerability

Share this:

Log4J Recommendations – Step by Step Guide

Share this:

Defending Against Crypto-Ransomware with Netwrix

Share this:

Conti initiates their attacks on Backup

Share this:

Follow me

Subscribe to Blog via Email

About me

Top Posts

Enjoy this blog? Please spread the word :)