Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError …
Tag: Security
Oct 15
LTO9 and Air Gap with Quantum Active Vault
LTO-9 is now generally available, increasing native media capacity to 18TB and bringing 400 MB/s transfer rates. Aside from increased density, this technology apparently improves reliability: BaFe (Barium Ferrite) LTO-9 tapes are rated to maintain stable magnetic characteristics for over 50 years. How the latest innovations in LTO technology are addressing today’s most pressing data …
Oct 14
[REPLAY] Arrow and Veeam Talk Show 2021
Hi! Thank you for coming in such great numbers last week to the Arrow Talk Show event focused on Cloud and Digital Transformation. I had the opportunity to participate in a live show in French with Veeam Software, Arrow, and Aviti, talking about: Cloud, Digital Transformation, Data Protection and Security. Watch the recording of the live …
Feb 09
Level up your Microsoft Office 365 Security
Last year, I had the opportunity to participate in a live session in French as an official Varonis Speaker about Microsoft 365 Security (Varonis Elite member) at aOS Nice 2020 with Mickaël Lopes (Cyber Security Pre Sales Engineer @ Varonis). We are seeing an uptick in adversaries using a very tricky Man-in-the-Middle (MitM) attack to bypass …
Nov 23
Protect your Backup against Ransomware
Regular backups of all data, including data on file servers, infrastructure, and critical business applications, should be performed. Keep in mind that these backups can also be affected by ransomware. Protect your backup against ransomware. Indeed, more and more cybercriminals seek to attack backups to limit the possibilities for the victim to recover their data …