![]() Microsoft has added Log4j tools to Microsoft 365 Defender, including updates that provide a “consolidated view” of the organization’s exposure to the vulnerabilities on the device, software and vulnerable component level via automated and complementing capabilities. The tool can run on Windows, Mac and Linux systems. The firm says the tool performs a targeted search by scanning a given set of directories foe JAR, WAR, ZIP and EAR files, then performs a deeper scan on those file types matching against a known set of checksums for Log4j libraries. CrowdStrikeĬybersecurity giant CrowdStrike has also released a free Log4j scanning tool, which it calls the CrowdStrike Archive Scan Tool (CAST). ![]() Per the agency, the scanner is a modified version of scanners from cybersecurity company FullHunt and other sources. The tool is available on CISA’s GitHub page here. Cybersecurity and Infrastructure Security Agency (CISA) published an open-sourced Log4j scanner derived from scanners created by other members of the open-source community, the agency tweeted last week. Here is a quick rundown of some of the available tools: CISA That includes multiple open source and commercial scanning tools provided by government organizations and tech firms alike. Since Log4j is a hugely popular Java logging tool, the tech industry rallied to help IT departments and technologists address every instance of Log4j in their environment. The Apache Foundation has since fixed the bugs and issued patches, so the onus is now on software developers and administrators to patch software and apply the fixes. Just in time for the holidays, the Log4j vulnerabilities sent IT and security teams into a panic earlier this month.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |