Cyber Security Blog

Mitigating the log4j Vulnerability (CVE-2021-44228) with L7 Defense

70% of the Financial Service Providers are Implementing API Security!

Financial service providers, such as banks and credit card companies, use a vast number of APIs, which makes them an attractive target for threat actors. That’s why API security is essential in the fast-changing business world of financial institutions.

In our podcast, Sandy Carielli, Principal Analyst at Forrester Research, presented the latest numbers

Mitigating the log4j Vulnerability (CVE-2021-44228)

Best practices to protect your web and API assets from upcoming log4j attack variants

On December 9, 2021, a remote code execution (RCE) vulnerability in Apache log4j 2 was identified as being exploited in the wild. The first attacks seemed to target only Apache web servers, but subsequent investigations showed that hundreds of high-profile products and open-source modules were also vulnerable, because the log4j module is not limited to web servers but is virtually everywhere. For example, organizations might log failed login attempts with log4j, which allows the exploitation payload to be sent via a username field.

The LinkedIn Breach

How did it happen? Since LinkedIn’s APIs are not accessible for unauthenticated users, it looks like it was a post-login attack that smartly avoided LinkedIn
