<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>log4j &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/log4j/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Mon, 12 Feb 2024 17:55:15 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Identify Java nested dependencies with Amazon Inspector SBOM Generator</title>
		<link>https://noise.getoto.net/2024/02/12/identify-java-nested-dependencies-with-amazon-inspector-sbom-generator/</link>
		
		<dc:creator><![CDATA[Chi Tran]]></dc:creator>
		<pubDate>Mon, 12 Feb 2024 17:55:15 +0000</pubDate>
				<category><![CDATA[Amazon Inspector]]></category>
		<category><![CDATA[Intermediate (200)]]></category>
		<category><![CDATA[log4j]]></category>
		<category><![CDATA[Security Blog]]></category>
		<category><![CDATA[Security, Identity & Compliance]]></category>
		<category><![CDATA[Technical How-to]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=9c7d2ef61b5d9ddaed634a82d295d804</guid>

					<description><![CDATA[Amazon Inspector is an automated vulnerability management service that continually scans Amazon Web Services (AWS) workloads for software vulnerabilities and unintended network exposure. Amazon Inspector currently supports vulnerability reporting for Amazon Elastic Compute Cloud (Amazon EC2) instances, container images stored in Amazon Elastic Container Registry (Amazon ECR), and AWS Lambda. Java archive files (JAR, WAR, […]]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>What&#8217;s New in InsightVM and Nexpose: Q1 2022 in Review</title>
		<link>https://noise.getoto.net/2022/04/19/whats-new-in-insightvm-and-nexpose-q1-2022-in-review/</link>
		
		<dc:creator><![CDATA[Roshnee Mistry Shah]]></dc:creator>
		<pubDate>Tue, 19 Apr 2022 17:52:17 +0000</pubDate>
				<category><![CDATA[InsightVM]]></category>
		<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[Nexpose]]></category>
		<category><![CDATA[Product Updates]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<category><![CDATA[Vulnerability Risk Management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=ed80467d2d29d8dc10e754c9ea19d9ad</guid>

					<description><![CDATA[The product updates our vulnerability management (VM) team has made to InsightVM and Nexpose in the last quarter will empower you to stay in charge — not the vulnerabilities.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/04/insightvm-q1-22.jpg" length="0" type="" />

			</item>
		<item>
		<title>Log4Shell 2 Months Later: Security Strategies for the Internet&#8217;s New Normal</title>
		<link>https://noise.getoto.net/2022/02/17/log4shell-2-months-later-security-strategies-for-the-internets-new-normal/</link>
		
		<dc:creator><![CDATA[Jesse Mack]]></dc:creator>
		<pubDate>Thu, 17 Feb 2022 18:00:00 +0000</pubDate>
				<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[research]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<category><![CDATA[Vulnerability Risk Management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=18cf89aa3b9772e6a572177134f45f3a</guid>

					<description><![CDATA[On Wednesday, February 16, Rapid7 experts Bob Rudis, Devin Krugly, and Glenn Thorpe sat down for a webinar on the current state of the Log4j vulnerability.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/02/log4shell-new-normal.jpg" length="0" type="" />

			</item>
		<item>
		<title>[Security Nation] Mike Hanley of GitHub on the Log4j Vulnerability</title>
		<link>https://noise.getoto.net/2022/01/19/security-nation-mike-hanley-of-github-on-the-log4j-vulnerability/</link>
		
		<dc:creator><![CDATA[Rapid7]]></dc:creator>
		<pubDate>Wed, 19 Jan 2022 21:47:30 +0000</pubDate>
				<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[open source]]></category>
		<category><![CDATA[Security Nation]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=078d5ee222682a75ae1a1a3a3684e38d</guid>

					<description><![CDATA[In our first episode of Security Nation Season 5, Jen and Tod chat with Mike Hanley, Chief Security Officer at GitHub, all about the major vulnerability in Apache’s Log4j logging library.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/01/security_nation_logo.jpg" length="0" type="" />

			</item>
		<item>
		<title>Active Exploitation of VMware Horizon Servers</title>
		<link>https://noise.getoto.net/2022/01/18/active-exploitation-of-vmware-horizon-servers/</link>
		
		<dc:creator><![CDATA[Glenn Thorpe]]></dc:creator>
		<pubDate>Tue, 18 Jan 2022 20:00:15 +0000</pubDate>
				<category><![CDATA[Emergent Threat Response]]></category>
		<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=6eadcd983283e3d546ef2907978e95f1</guid>

					<description><![CDATA[Attackers are actively targeting VMware Horizon servers vulnerable to Apache Log4j CVE-2021-44228 (Log4Shell) and related vulnerabilities.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/01/vmware-server-exploitation.jpg" length="0" type="" />

			</item>
		<item>
		<title>Log4Shell Strategic Response: 5 Practices for Vulnerability Management at Scale</title>
		<link>https://noise.getoto.net/2022/01/07/log4shell-strategic-response-5-practices-for-vulnerability-management-at-scale/</link>
		
		<dc:creator><![CDATA[Joshua Harr]]></dc:creator>
		<pubDate>Fri, 07 Jan 2022 18:20:22 +0000</pubDate>
				<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[Security Strategy]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=7f1312e79e0925118565c90443170051</guid>

					<description><![CDATA[Where do you begin to respond to a critical vulnerability like the one in Apache’s Log4j Java library (a.k.a. Log4Shell)? Start with these 5 concepts.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2022/01/log4shell-strategic-response.jpg" length="0" type="" />

			</item>
		<item>
		<title>Test for Log4Shell With InsightAppSec Using New Functionality</title>
		<link>https://noise.getoto.net/2021/12/22/test-for-log4shell-with-insightappsec-using-new-functionality/</link>
		
		<dc:creator><![CDATA[Bria Grangard]]></dc:creator>
		<pubDate>Wed, 22 Dec 2021 21:50:50 +0000</pubDate>
				<category><![CDATA[Application Security]]></category>
		<category><![CDATA[InsightAppSec]]></category>
		<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=c6c1b8357abd28aeb0f423a0a099098a</guid>

					<description><![CDATA[In this blog, we share how Rapid7 customers can test for Log4Shell with InsightAppSec.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2021/12/test-log4shell-insightappsec.jpg" length="0" type="" />

			</item>
		<item>
		<title>Metasploit Wrap-Up</title>
		<link>https://noise.getoto.net/2021/12/18/metasploit-wrap-up-37/</link>
		
		<dc:creator><![CDATA[Alan David Foster]]></dc:creator>
		<pubDate>Fri, 17 Dec 2021 22:53:06 +0000</pubDate>
				<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[Metasploit]]></category>
		<category><![CDATA[Metasploit Weekly Wrapup]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=cb62092b4c7e70876cf276ba04dd7597</guid>

					<description><![CDATA[A new Log4Shell / Log4j scanner module for Metasploit, a new WordPress module, and multiple enhancements and bug fixes]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2021/12/metasploit-sky-1.png" length="0" type="" />

			</item>
		<item>
		<title>Using AWS security services to protect against, detect, and respond to the Log4j vulnerability</title>
		<link>https://noise.getoto.net/2021/12/16/using-aws-security-services-to-protect-against-detect-and-respond-to-the-log4j-vulnerability/</link>
		
		<dc:creator><![CDATA[Marshall Jones]]></dc:creator>
		<pubDate>Wed, 15 Dec 2021 23:36:29 +0000</pubDate>
				<category><![CDATA[Amazon GuardDuty]]></category>
		<category><![CDATA[Amazon Inspector]]></category>
		<category><![CDATA[announcements]]></category>
		<category><![CDATA[AWS Network Firewall]]></category>
		<category><![CDATA[AWS Security Hub]]></category>
		<category><![CDATA[AWS Web Application Firewall]]></category>
		<category><![CDATA[Customer Solutions]]></category>
		<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[open source]]></category>
		<category><![CDATA[Security, Identity & Compliance]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=46e3806866939bda5fcbeca83e3013fc</guid>

					<description><![CDATA[January 7, 2022: The blog post has been updated to include using Network ACL rules to block potential log4j-related outbound traffic. January 4, 2022: The blog post has been updated to suggest using WAF rules when correct HTTP Host Header FQDN value is not provided in the request. December 31, 2021: We made a minor […]]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>The Everyperson’s Guide to Log4Shell (CVE-2021-44228)</title>
		<link>https://noise.getoto.net/2021/12/15/the-everypersons-guide-to-log4shell-cve-2021-44228/</link>
		
		<dc:creator><![CDATA[boB Rudis]]></dc:creator>
		<pubDate>Wed, 15 Dec 2021 19:44:42 +0000</pubDate>
				<category><![CDATA[exploits]]></category>
		<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=9cb105938bde92f573a2de68bc20cf46</guid>

					<description><![CDATA[This blog is for everyone who wants to understand what’s going on with the Log4Shell vulnerability in Log4j and why the internet seems to be on fire again.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2021/12/log4shell-faq.jpg" length="0" type="" />

			</item>
		<item>
		<title>How to Protect Your Applications Against Log4Shell With tCell</title>
		<link>https://noise.getoto.net/2021/12/15/how-to-protect-your-applications-against-log4shell-with-tcell/</link>
		
		<dc:creator><![CDATA[Bria Grangard]]></dc:creator>
		<pubDate>Wed, 15 Dec 2021 14:58:14 +0000</pubDate>
				<category><![CDATA[Application Security]]></category>
		<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[tCell]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=4cdb288231fa4bf52c0067d9d4feabbf</guid>

					<description><![CDATA[Let’s walk through the various ways tCell can help our customers protect against Log4Shell attacks.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2021/12/tcell-log4shell.jpg" length="0" type="" />

			</item>
		<item>
		<title>Protection against CVE-2021-45046, the additional Log4j RCE vulnerability</title>
		<link>https://noise.getoto.net/2021/12/15/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability/</link>
		
		<dc:creator><![CDATA[Gabriel Gabor]]></dc:creator>
		<pubDate>Wed, 15 Dec 2021 13:56:13 +0000</pubDate>
				<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<category><![CDATA[WAF Rules]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=6576ebcbd20cf31a2c62b02e1f043027</guid>

					<description><![CDATA[This vulnerability is actively being exploited and anyone using Log4J should update to version 2.16.0 as soon as possible, even if you have previously updated to 2.15.0. The latest version can be found on the Log4J download page.]]></description>
		
		
		<enclosure url="http://blog.cloudflare.com/content/images/2021/12/image1-81.png" length="0" type="" />

			</item>
		<item>
		<title>Patch Tuesday &#8211; December 2021</title>
		<link>https://noise.getoto.net/2021/12/15/patch-tuesday-december-2021/</link>
		
		<dc:creator><![CDATA[Greg Wiseman]]></dc:creator>
		<pubDate>Tue, 14 Dec 2021 22:12:53 +0000</pubDate>
				<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[Patch Tuesday]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=b6de24165aa9aa83eda117170eddad44</guid>

					<description><![CDATA[This month’s Patch Tuesday comes in the middle of a global effort to mitigate Apache Log4j CVE-2021-44228.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2021/12/patches-2.jpg" length="0" type="" />

			</item>
		<item>
		<title>Log4Shell Makes Its Appearance in Hacker Chatter: 4 Observations</title>
		<link>https://noise.getoto.net/2021/12/14/log4shell-makes-its-appearance-in-hacker-chatter-4-observations/</link>
		
		<dc:creator><![CDATA[Alon Arvatz]]></dc:creator>
		<pubDate>Tue, 14 Dec 2021 21:05:17 +0000</pubDate>
				<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[Threat Intel]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=e43819a7de1dd0f60e63e67a27b9301b</guid>

					<description><![CDATA[The Rapid7 Threat Intelligence team is tracking the attacker's-eye view on Log4Shell and the related chatter on the clear, deep, and dark web.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2021/12/log4shell-chatter.jpg" length="0" type="" />

			</item>
		<item>
		<title>Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration</title>
		<link>https://noise.getoto.net/2021/12/14/exploitation-of-log4j-cve-2021-44228-before-public-disclosure-and-evolution-of-evasion-and-exfiltration/</link>
		
		<dc:creator><![CDATA[John Graham-Cumming]]></dc:creator>
		<pubDate>Tue, 14 Dec 2021 17:48:50 +0000</pubDate>
				<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<category><![CDATA[waf]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=7a6a0f757d9d82c19dc4c68e0415ba27</guid>

					<description><![CDATA[In this blog post we will cover WAF evasion patterns and exfiltration attempts seen in the wild, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228.]]></description>
		
		
		<enclosure url="http://blog.cloudflare.com/content/images/2021/12/image1-73.png" length="0" type="" />

			</item>
		<item>
		<title>Using InsightVM to Find Apache Log4j CVE-2021-44228</title>
		<link>https://noise.getoto.net/2021/12/14/using-insightvm-to-find-apache-log4j-cve-2021-44228/</link>
		
		<dc:creator><![CDATA[Greg Wiseman]]></dc:creator>
		<pubDate>Tue, 14 Dec 2021 14:17:29 +0000</pubDate>
				<category><![CDATA[Emergent Threat Response]]></category>
		<category><![CDATA[InsightVM]]></category>
		<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[Vulnerability management]]></category>
		<category><![CDATA[Vulnerability Risk Management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=f37bd0c67170721734a26d15e6d99b3e</guid>

					<description><![CDATA[How to use InsightVM or Nexpose to detect exposure to Log4Shell CVE-2021-44228 in your environment, plus additional detail about how our various vulnerability checks work under the hood.]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2021/12/insightvm-log4j.jpg" length="0" type="" />

			</item>
		<item>
		<title>Update on Log4Shell’s Impact on Rapid7 Solutions and Systems</title>
		<link>https://noise.getoto.net/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/</link>
		
		<dc:creator><![CDATA[Rapid7]]></dc:creator>
		<pubDate>Tue, 14 Dec 2021 00:55:13 +0000</pubDate>
				<category><![CDATA[Emergent Threat Response]]></category>
		<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[Vulnerability Risk Management]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=9f3c0081d4135e83f44053063f0e78ee</guid>

					<description><![CDATA[Like the rest of the security community, we have been internally responding to the critical remote code execution vulnerability in Apache’s log4j Java library (a.k.a. Log4Shell).]]></description>
		
		
		<enclosure url="https://blog.rapid7.com/content/images/2021/12/log4j-response.jpg" length="0" type="" />

			</item>
		<item>
		<title>Open source hotpatch for Apache Log4j vulnerability</title>
		<link>https://noise.getoto.net/2021/12/13/open-source-hotpatch-for-apache-log4j-vulnerability/</link>
		
		<dc:creator><![CDATA[Steve Schmidt]]></dc:creator>
		<pubDate>Mon, 13 Dec 2021 21:09:47 +0000</pubDate>
				<category><![CDATA[announcements]]></category>
		<category><![CDATA[Customer Solutions]]></category>
		<category><![CDATA[log4j]]></category>
		<category><![CDATA[log4shell]]></category>
		<category><![CDATA[open source]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=3e5bc8f5c4b083c58da8efe6ec028051</guid>

					<description><![CDATA[At Amazon Web Services (AWS), security remains our top priority. As we addressed the Apache Log4j vulnerability this weekend, I’m pleased to note that our team created and released a hotpatch as an interim mitigation step. This tool may help you mitigate the risk when updating is not immediately possible. It’s important that you review, […]]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Zabbix NOT AFFECTED by the Log4j exploit</title>
		<link>https://noise.getoto.net/2021/12/13/zabbix-not-affected-by-the-log4j-exploit/</link>
		
		<dc:creator><![CDATA[Arturs Lontons]]></dc:creator>
		<pubDate>Mon, 13 Dec 2021 12:04:36 +0000</pubDate>
				<category><![CDATA[CVE-2021-44228]]></category>
		<category><![CDATA[log4j]]></category>
		<category><![CDATA[news]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[Technical]]></category>
		<guid isPermaLink="false">https://blog.zabbix.com/?p=17873</guid>

					<description><![CDATA[A newly revealed vulnerability impacting Apache Log4j 2 versions 2.0 to 2.14.1 was disclosed on GitHub on 9 December…]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 49/386 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-11 00:13:34 by W3 Total Cache
-->