BrakeSec Education Podcast

A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.

http://www.brakeingsecurity.com

subscribe
share






episode 46: Mick Douglas, Log4j vulnerabilities, egress mitigations- part2


 

Introduction

Overview of Log4j vuln (as of 16 December 2021)

Why is it a big deal? (impact/criticality/risk)

Talk about patching vs. mitigation

why wasn’t this given the same visibility in 2009? Because it’s Oracle or Java?

Good callout is building slides to brief org leadership, detections, and other educational tools.

Vuln fatigue (Java vulns in 2009 and pretty much forever cause us fatigue)

Are there other technologies like log4j that prop up the entire world, and we just don’t know?

Egress traffic (discussed at length on twitter, what problems it solve?)

https://twitter.com/mubix/status/1470430085169745920

Latest: https://www.theregister.com/2021/12/14/apache_log4j_v2_16_jndi_disabled_default/ - apache removed JDNI functionality

https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/


fyyd: Podcast Search Engine
share








 December 23, 2021  40m