The Log4j security vulnerability is a major security vulnerability affecting many different software solutions, including VMware vSphere and, in particular, vCenter Server. VMware has done a great job of providing automated scripts to implement the remediations in a consistent and non-human interaction type way to help reduce the number of errors and problems as a result.

Remediating VMware vCenter Server for Log4j involves the following steps:

1) Download the Python script
2) Upload the script to your VCSA appliance
3) Change the mode of the script
4) Execute the Python shell script

Read a detailed set of instructions and walkthrough on my blog post, posted here:

https://www.virtualizationhowto.com/2021/12/vmware-vcenter-server-log4j-patch-script-remediation-process/

Read about other VMware products and services affected by Log4j and the workarounds as posted from VMware here:

https://www.virtualizationhowto.com/2021/12/critical-vulnerability-in-apache-log4j-cve-2021-44228-is-vmware-affected/

Log4Shell & Log4j Explained, Google Disrupts Major Botnet, and NPM Packages Steal Discord Creds! All that coming up now on ThreatWire.

#threatwire #hak5

Links:
Weekly security and privacy news, brought to you by Shannon Morse. ThreatWire is a weekly news journalism show covering security and privacy topics for network admins, information security professionals, and consumers.

Watch this on youtube (video may be “private” until the scheduled publish time): https://youtu.be/ysFB6JKTs5U

Shop ThreatWire Merch Directly! – https://snubsie.com/shop

Shop ThreatWire Merch on Teespring! – https://morsecode.creator-spring.com/

Support ThreatWire! https://www.patreon.com/threatwire

Follow Shannon on Social Media: https://snubsie.com/links

Links:
Read all the links via the RSS feed: https://shannonmorse.podbean.com/
Due to Youtube’s bots flagging my source links as “hacking”, you can now find all future link databases via the RSS link (down below) and via the the ThreatWire patreon page (each video post for each episode is a public post and you do not have to be a member to view these).

Hak5 — Cyber Security Education, Inspiration, News & Community since 2005:

—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
Threat Wire RSS → https://shannonmorse.podbean.com/feed/
Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆

____________________________________________
Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.

Want to know what the log4j (CVE-2021-4428) is in 4 minutes?

Looking to start a career in Information Security, Cyber Security, or Information Assurance? Check out all these resources to Get Started! https://www.jongood.com/getstarted/

Need CAREER COACHING or CONSULTING Services? https://www.jongood.com/services/

Occasionally in software, there are vulnerabilities that are so widespread among organizations that they can have immediate and disastrous impacts if they are not handled quickly. The Apache Log4j vulnerability is the latest in widespread vulnerabilities that will impact many organizations until they take mitigation steps. Without fixing the issue, organizations are susceptible to remote code execution (RCE) on their web servers. Even Minecraft game players are vulnerable to the log4j exploit!

Join me in this video as we will discuss the Log4j (CVE-2021-4428) vulnerability, perform a quick demonstration, and then review recommend mitigation steps. As a cyber security or technology professional, you must keep current with major vulnerabilities that are disclosed if you want to continue keeping your company secure.

Log4j (CVE-2021-4428) Explanation: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

CISA Guidance: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance

CISA Statement: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability

Blog Post: https://www.jongood.com/log4j-cve-2021-44228-minecraft-vulnerability-in-4-minutes/

#Log4j #Apache #Minecraft

��Training Courses��
___________________________________________
Full List: https://www.jongood.com/courses/

��Merch��
___________________________________________
https://www.jongood.com/merch

��Social Media��
___________________________________________
Discord: https://jongood.com/discord
Facebook: https://jongood.com/facebook
Instagram: https://jongood.com/instagram
LinkedIn: https://jongood.com/linkedin
Twitter: https://jongood.com/twitter
Website: https://jongood.com/

⚡️Lab & YouTube Gear⚡️
___________________________________________
https://www.jongood.com/equipment/

��Affiliates��
___________________________________________
https://www.jongood.com/affiliates/

DISCLAIMER: I am an ambassador or affiliate for many of the brands referenced on the channel. As an Amazon Associate, I earn a commission from qualifying purchases.

DISCLAIMER (MUSIC): I only use royalty free music and sound effects.

Hey all! In this video we go over what the log4j problem is, what/who log4j affects, and how to protect yourself from log4j. This is one of the biggest security vulnerabilities that the internet has ever seen.

My recommended VPNs
(Mr. Sujano affiliate discounts – more than 70% off):

Easy to use and inexpensive – SurfShark:
https://surfshark.deals/MrSujano

Fast and great for power users – PIA:
http://www.privateinternetaccess.com/pages/buy-vpn/mrsujano

Follow me on:
Twitter: https://twitter.com/MrSujano
Instagram: https://www.instagram.com/MrSujano/
Discord: https://discord.gg/nPeqU6F
Twitch: https://twitch.tv/Mr_Sujano
Website: https://mrsujano.com

Check out my recommended products on Amazon: https://amzn.to/2UXstsI

DISCLAIMER: This video and description contain affiliate links, which means if you click on one of the product links, I’ll receive a small commission at no extra cost to you!

This video is for entertainment purposes only.

#log4j #log4jhack #log4jfix #log4shell