It’s nothing new to hear about vulnerabilities in applications and operating systems being one of the primary initial attack vectors for cyberattacks. But when the use of a vulnerability in an attack becomes so prominent over a short period of time, you take notice.
Log4j is a simple java-based logging utility used as part of Apache Logging Services. Its version 2 was developed in 2015 and was designed using an extensible architecture to replace version 1. But, as with most products, not every organization upgrades – particularly in the case of Log4j, as version 2 was not backward compatible with 1.x versions. A vulnerability was discovered late last year in 1.x versions whose related vulnerable code had existed since 2013.
It’s not just the singular attack method found in Log4j-based attacks that should be obvious to you, but also that the use of vulnerabilities in open source code attacks has been growing over the past years, making it a necessary part of every cybersecurity program’s focus.
So, what can you learn from the Log4j attack, how vulnerable are open source packages and libraries, and what should you do about it to better secure the environment?
In this Real Training for Free session, join Microsoft MVP Nick Cavalancia, as he discusses:
- The state of open source applications
- How we’re seeing vulnerabilities playing a role in cybercriminal strategy, evolution, and execution
- Tracing open source application attacks back to MITRE’s ATT&CK Framework and related mitigation strategies
Nick will be joined by Devin Krugly, Vulnerability and Risk Management Practice Advisor at RAPID7, who will cover:
- Specifics around the Log4j attacks, current state , and just how much risk still exists across the security landscape?
- The rise of open source applications and the increase in risk it poses
- Practical guidance on steps to take to identify and address open source vulnerabilities
- Continually-updated resources available to base your proactive and reactive processes around
This real training for free event will be jam packed with technical detail and real-world application. Register today!