Posts Tagged ‘Secure By Design’

Organizations should fear misconfigurations more than vulnerabilities

Filed in Security vulnerabilities on Sep.15, 2022

Censys launched its State of the Internet Report, a holistic view into internet risks and organizationsā€™ exposure to them. Through careful examination of which ports, services, and software are most prevalent on the internet and the systems and regions where they run, the research team discovered thatĀ misconfigurationsĀ and exposures represent 88% of the risks and vulnerabilities […]

Tags: misconfigurations, Secure By Design

Comments (2)

While attackers begin exploiting a second Log4j flaw, a third one emerges

Filed in App Security, Log4j, Security vulnerabilities on Dec.16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046, disclosed in the Log4j library. The CVE-2021-45046 received a CVSS score of 3.7 and affects Log4j […]

Tags: Log4j, Log4shell, Secure By Design

Leave a Comment

Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations

Filed in Log4j, Security vulnerabilities on Dec.15, 2021

New versions of Log4j The recent discovery of a second Log4j vulnerability (CVE-2021-45046) has shown that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This vulnerability could allow attackers to craft malicious input data using a JNDI Lookup pattern, resulting in a denial of service (DoS) attack. ā€œNote […]

Tags: Log4j, Log4shell, Secure By Design

Leave a Comment

  • subscribe

  • Advertising

  • Click below to Follow DISC InfoSec blog

      👇           👇           👇

    Follow DISC InfoSec blog

    DISC InfoSec Titles

  • DISC InfoSec Services


    👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet

  • Get a Cyber Aware Cheat Sheet now!

  • “Like” our FB DISC InfoSec page

    >>> DISC InfoSec Facebook Page <<<

  • DISC InfoSec Store

    DISC online store for recommended InfoSec products

  • DISC InfoSec Online Services

    DISC InoSec Services
  • Download ISO27k Standards

    vCISO as a service



  • Search DISC InfoSec blog

  • Meta

  • Blogroll

  • Archives

  • Categories

  • Tags

    Business Chief Information Security Officer china CISA CISO Cloud computing cloud security Computer security Credit card cyberwarfare dark web data breach data security facebook Google Hacking Health Insurance Portability and Accountability Act Identity Theft Information Security Information Security Management System International Organization for Standardization isms ISO/IEC 27001 iso 27001 ISO 27001 2013 ISO 27001 2013 Gap Assessment iso 27001 certification iso 27002 Log4j Log4shell Malware Microsoft Payment Card Industry Data Security Standard pci dss Pegasus spyware phishing privacy Ransomware Protection Playbook Risk Assessment Risk management Security Security Risk Assessment Spyware United States vCISO

  • For an InfoSec and Compliance question

    Contact us

    Support us
  • Best Sellers Books in Computer Security

    New Releases in Computer Security