The Microsoft 365 Defender Threat Intelligence Team and the Microsoft Threat Intelligence Center (MSTIC) has issued a new update to the December 11th guidance for preventing, detecting and hunting for exploitation of the Log4j vulnerability. The MSTIC has encourage Windows and Azure users to remain vigilant after observing the Log4j flaw through December. An expert from Gurucul has provided perspective.

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Saryu Nayyar
Saryu Nayyar , CEO
InfoSec Expert
January 5, 2022 10:38 am

<p>\"The Log4j vulnerability continues to be one of the largest and most serious security problems in recent years that attackers continue to exploit despite its disclosure. The challenge is the widespread use of this open-source library and the difficulty in detecting its execution when it can be so deeply embedded down the software stack. Relying on traditional indicators of compromise or pattern matching is insufficient. Analyzing and controlling access to specific applications based on identity along with detection of anomalous behaviors to unearth this somewhat hidden vulnerability can more rapidly provide security teams with identification and prioritization of response actions.\"</p>

Last edited 5 months ago by Saryu Nayyar
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x