The Microsoft 365 Defender Threat Intelligence Team and the Microsoft Threat Intelligence Center (MSTIC) has issued a new update to the December 11th guidance for preventing, detecting and hunting for exploitation of the Log4j vulnerability. The MSTIC has encourage Windows and Azure users to remain vigilant after observing the Log4j flaw through December. An expert from Gurucul has provided perspective.

Experts Comments

January 05, 2022
Saryu Nayyar
CEO
Gurucul

"The Log4j vulnerability continues to be one of the largest and most serious security problems in recent years that attackers continue to exploit despite its disclosure. The challenge is the widespread use of this open-source library and the difficulty in detecting its execution when it can be so deeply embedded down the software stack. Relying on traditional indicators of compromise or pattern matching is insufficient. Analyzing and controlling access to specific applications based on

.....Read More

"The Log4j vulnerability continues to be one of the largest and most serious security problems in recent years that attackers continue to exploit despite its disclosure. The challenge is the widespread use of this open-source library and the difficulty in detecting its execution when it can be so deeply embedded down the software stack. Relying on traditional indicators of compromise or pattern matching is insufficient. Analyzing and controlling access to specific applications based on identity along with detection of anomalous behaviors to unearth this somewhat hidden vulnerability can more rapidly provide security teams with identification and prioritization of response actions."

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.