
cPanel Plugin Contains Log4j Vulnerability
cPanel Plugin Contains Log4j Vulnerability
cPanel plugin contains the critically vulnerable log4j library affected by what is being called a catastrophic vulnerability
Patch vCenter Server with Log4j remediation
The Log4j security vulnerability is a major security vulnerability affecting many different software solutions, including VMware vSphere and, in particular, vCenter Server. VMware has done a great job of providing automated scripts to implement the remediations in a consistent and non-human interaction type way to help reduce the number of errors and problems as a result.
Remediating VMware vCenter Server for Log4j involves the following steps:
1) Download the Python script
2) Upload the script to your VCSA appliance
3) Change the mode of the script
4) Execute the Python shell script
Read a detailed set of instructions and walkthrough on my blog post, posted here:
https://www.virtualizationhowto.com/2021/12/vmware-vcenter-server-log4j-patch-script-remediation-process/
Read about other VMware products and services affected by Log4j and the workarounds as posted from VMware here:
https://www.virtualizationhowto.com/2021/12/critical-vulnerability-in-apache-log4j-cve-2021-44228-is-vmware-affected/
Log4Shell & Log4j Explained – ThreatWire
Log4Shell & Log4j Explained, Google Disrupts Major Botnet, and NPM Packages Steal Discord Creds! All that coming up now on ThreatWire.
#threatwire #hak5
Links:
Weekly security and privacy news, brought to you by Shannon Morse. ThreatWire is a weekly news journalism show covering security and privacy topics for network admins, information security professionals, and consumers.
Watch this on youtube (video may be “private” until the scheduled publish time): https://youtu.be/ysFB6JKTs5U
Shop ThreatWire Merch Directly! – https://snubsie.com/shop
Shop ThreatWire Merch on Teespring! – https://morsecode.creator-spring.com/
Support ThreatWire! https://www.patreon.com/threatwire
Follow Shannon on Social Media: https://snubsie.com/links
Links:
Read all the links via the RSS feed: https://shannonmorse.podbean.com/
Due to Youtube’s bots flagging my source links as “hacking”, you can now find all future link databases via the RSS link (down below) and via the the ThreatWire patreon page (each video post for each episode is a public post and you do not have to be a member to view these).
Hak5 — Cyber Security Education, Inspiration, News & Community since 2005:
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1
Support → https://www.patreon.com/threatwire
Contact Us → http://www.twitter.com/hak5
Threat Wire RSS → https://shannonmorse.podbean.com/feed/
Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999
—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆—–☆
____________________________________________
Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
Log4j (CVE-2021-44228) MINECRAFT Vulnerability in 4 MINUTES!
Want to know what the log4j (CVE-2021-4428) is in 4 minutes?
Looking to start a career in Information Security, Cyber Security, or Information Assurance? Check out all these resources to Get Started! https://www.jongood.com/getstarted/
Need CAREER COACHING or CONSULTING Services? https://www.jongood.com/services/
Occasionally in software, there are vulnerabilities that are so widespread among organizations that they can have immediate and disastrous impacts if they are not handled quickly. The Apache Log4j vulnerability is the latest in widespread vulnerabilities that will impact many organizations until they take mitigation steps. Without fixing the issue, organizations are susceptible to remote code execution (RCE) on their web servers. Even Minecraft game players are vulnerable to the log4j exploit!
Join me in this video as we will discuss the Log4j (CVE-2021-4428) vulnerability, perform a quick demonstration, and then review recommend mitigation steps. As a cyber security or technology professional, you must keep current with major vulnerabilities that are disclosed if you want to continue keeping your company secure.
Log4j (CVE-2021-4428) Explanation: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
CISA Guidance: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
CISA Statement: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
Blog Post: https://www.jongood.com/log4j-cve-2021-44228-minecraft-vulnerability-in-4-minutes/
#Log4j #Apache #Minecraft
Training Courses
___________________________________________
Full List: https://www.jongood.com/courses/
Merch
___________________________________________
https://www.jongood.com/merch
Social Media
___________________________________________
Discord: https://jongood.com/discord
Facebook: https://jongood.com/facebook
Instagram: https://jongood.com/instagram
LinkedIn: https://jongood.com/linkedin
Twitter: https://jongood.com/twitter
Website: https://jongood.com/
⚡️Lab & YouTube Gear⚡️
___________________________________________
https://www.jongood.com/equipment/
Affiliates
___________________________________________
https://www.jongood.com/affiliates/
DISCLAIMER: I am an ambassador or affiliate for many of the brands referenced on the channel. As an Amazon Associate, I earn a commission from qualifying purchases.
DISCLAIMER (MUSIC): I only use royalty free music and sound effects.
log4j (Log4Shell) Security Issue Explained at a High Level
Hey all! In this video we go over what the log4j problem is, what/who log4j affects, and how to protect yourself from log4j. This is one of the biggest security vulnerabilities that the internet has ever seen.
My recommended VPNs
(Mr. Sujano affiliate discounts – more than 70% off):
Easy to use and inexpensive – SurfShark:
https://surfshark.deals/MrSujano
Fast and great for power users – PIA:
http://www.privateinternetaccess.com/pages/buy-vpn/mrsujano
Follow me on:
Twitter: https://twitter.com/MrSujano
Instagram: https://www.instagram.com/MrSujano/
Discord: https://discord.gg/nPeqU6F
Twitch: https://twitch.tv/Mr_Sujano
Website: https://mrsujano.com
Check out my recommended products on Amazon: https://amzn.to/2UXstsI
DISCLAIMER: This video and description contain affiliate links, which means if you click on one of the product links, I’ll receive a small commission at no extra cost to you!
This video is for entertainment purposes only.
#log4j #log4jhack #log4jfix #log4shell