Webinar Description
On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java (specifically, the 2.x branch called Log4j2). The vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th. MITRE assigned CVE-2021-44228 to this vulnerability, which has since been dubbed Log4Shell by security researchers.
Since then, the vulnerability has been reported to be massively exploited in the wild, due to the fact that it is trivially exploitable (weaponized PoCs are available publicly) and extremely popular, and got a wide coverage on media and social networks.
Join our Senior Director Security Research expert Shachar Menashe as he discusses:
- What is the Log4Shell vulnerability? Why is it so critical?
- Deep dive: vulnerability root cause
- JFrog Platform is non-affected / False positives
- Available patches
- Mitigations
- Xray detection from day one, with security research data
Presenter Information
Shachar Menashe
Senior Director Security Research
Shachar has more than 10 years of experience in security research, including low-level R&D, reverse engineering and vulnerability research. Before joining JFrog, he worked as a research team leader and security architect for AR giant Magic Leap where he specialized in areas such as Linux & Android security architecture, implementing custom kernel and bootloader mitigations, and secure development lifecycle processes. This led to a successful release of Magic Leap's OS which has remained unhacked to this day. Shachar holds a BSc in Electronics Engineering and Computer Science from Tel-Aviv University.
