Hi! Thank you for coming in a great number 3 weeks ago to Veeam User Group France #1 event focused on Backup Architectures secure by design and Security. I had the opportunity to participate in a live podcast in French with Yoann Castillo (Team Lead Systems Engineering @Veeam), and Eric Machabert (CISO & CTO @Maincare …
Category: Security
Dec 19
Log4J 2.17.0 is published
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError …
Dec 13
Log4J Recommendations – Step by Step Guide
If you’re using any software running on Apache and Java, be aware of this critical zero-day vulnerability. Log4j is a ubiquitous logging tool included in almost every Java application, meaning this vulnerability affects literally millions of servers. The Log4J library vulnerability (CVE-2021-44228) allows an attacker to cause the target system to fetch and execute code …
Nov 02
Defending Against Crypto-Ransomware with Netwrix
Hi, today we will discuss about data governance and more especially a software called: Netwrix Auditor. Netwrix Auditor is a visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments to protect unstructured data regardless of its location. The platform provides security analytics to detect anomalies in user …
Oct 19
Conti initiates their attacks on Backup
Cyber groups (cartels) specifically target backup solutions in order to ensure that the victim has no other option except for paying the ransom. Conti group is particularly methodical in developing and implementing backup removal techniques (on-premise and cloud). The full analysis is available here (thanks to ADV INTEL) and is based on their actual proactive …
Follow me
