Aggregator

反射修复log4j2

0x01 写在前面2021 年 12 月 9 号注定是一个不眠之夜，著名的Apache Log4j 项目被爆存在远程代码执行漏洞，且利用简单，影响危害巨大，光是引入了 log4j2 依赖的组件都...

Akamai has been monitoring the rapidly evolving developments of CVE-2021-44228. We have been working closely with our customers and internal application teams to mitigate the risks posed by the threat of unauthorized remote code execution. This includes deploying an update to our existing Apache WAF rules to include mitigation for this Zero Day CVE, and updating the Log4j library to version 2.15.0 or later.

作为非安全圈（主要是门槛不够，进不去）非著名喷子，今天不谈技术，不谈漏洞，回归喷子本质。

纸质书正式发售，赠书 10 本

Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could...

The post Concerned by the Security Risk Affecting Popular Services and Apps? Here’s What We Know. appeared first on McAfee Blog.

Apache Log4j2某些功能存在递归解析功能，攻击者可直接构造恶意请求，触发远程代码执行漏洞。漏洞利用无需特殊配置，Apache Struts2、Apache Solr、Apache Druid、Apache Flink等均受影响。

See how Akamai helped open-source logging library Log4j fight against a critical unauthenticated remote code execution (RCE) vulnerability and reduce customer exposure.

先是在野0day 《Grafana未授权任意文件读取》传出，随后更劲爆的《Apache Log4j2远程代码执行》的POC、EXP相继出现，后者的payloads传播速度之快、以及影响范围之广，使其在业内堪称 “核弹级” 漏洞。

We?re proud to announce the 1.0 release of the Property Manager extension to Visual Studio Code and Eclipse. With the new Property Manager extension, you can edit and validate Property Manager API (PAPI) JSON rule trees right from your integrated development environment (IDE). It allows you to make and validate critical changes to your configuration closer to your DevOps environment. Once you've updated and validated the configuration file in your IDE, you can easily push it back to the platform with PAPI or Akamai command-line interface (CLI).

Do you need antivirus (AV) products on smartphones and tablets?

价值判断 价值观 本文忽略掉了人文因素 讨论一样东西的价值的时候，技术社区和大众，甚至技术社区之间都有很大的矛盾。 因为人的价值观是非常不同的，简单

2021年12月10日，阿里云安全团队发现 Apache Log4j 2.15.0-rc1 版本存在漏洞绕过.

12月9日，网上爆出Apache Log4j2 远程代码执行漏洞，目前漏洞PoC已在网上公开，影响严重。

一個稱得上優秀的框架，必備的要素之一可以通過某種約定的格式讀取到所運行環境中的配置信息。本文中我們就來感受下

One aspect of resilience on the internet is that things ? notably servers and resources ? move around. Sometimes moves are legitimate, such as when a popular site evolves from hosting their own website to moving to a cloud provider to using a CDN to handle the ever-increasing traffic. Sometimes the moves are not legitimate, such as when an attacker pretends to be an ecommerce or banking site and steals a user?s credentials upon login. How can the end user tell the difference between legitimate and not-so-legitimate moves?

What a year 2021 has been. Even as the world continues to re-open to various degrees, we?re still feeling the impact from 2020?s move to an almost completely virtual world. Many large companies are shifting to a hybrid model, mixing the ability to work from home with working in the office. Some are even offering their employees the opportunity to work remotely indefinitely. There is no denying that the way we work, bank, play, and relax has been impacted by COVID-19. Shouting ?pivot? may have shot into popular culture in the TV show Friends, but it?s a rallying cry that?s been revived in the 2020s by businesses, individuals, and criminals alike.

Wedia makes it possible for some of the world?s biggest companies to effectively manage, customize, and deliver their marketing assets. Akamai is delighted that this fantastic brand has chosen us to deliver a rich and engaging web experience for its customers while also ensuring the highest level of security for the great array of multimedia assets stored on their platform by a number of Fortune 500 companies.

这个漏洞这几天大家提得也比较多，我就有了对此做一下漏洞分析的念头