Apache Log4j utility zero-day exploit - A double warning | December 2021 Server Parts Pricing Report | News from around our Industry

 
From: "WebHostingTalk Insider" <insider@PROTECTED>
Subject: Apache Log4j utility zero-day exploit - A double warning | December 2021 Server Parts Pricing Report | News from around our Industry
Date: December 15th 2021

December 15th 2021

HApache Log4j utility zero-day exploit - A double warning

Last Thursday Cloudflare published a blog post regarding a a zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) which was made public on December 9, that results in remote code execution (RCE). They said that this vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible. The latest version can already be found on the Log4j download page. And then yesterday a second vulnerability was found after days spent trying to patch or mitigate CVE-2021-44228. The description of the new vulnerability, CVE 2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was "incomplete in certain non-default configurations." Apache has released a patch, Log4j 2.16.0, which fixes the problem by removing support for message lookup patterns and disabling JNDI functionality by default. Are you affected?

Join the discussion


 

 

December 2021 - Server Parts Pricing Report

Gabe's 11th server parts pricing report for 2021 is available. Since last year he's been tracking changing parts prices for RAM, SSDs, Hard Drives, CPUs, and a couple of GPUs. Typically this is done monthly, and then shared with WHT in a monthly report. Currently, all listed prices are from eBay, for used hardware, but he may start tracking more new hardware as well if there is a demand for it. Prices as of 1st December, 2021. Don't forget to check the "noteworthy changes" comments at the end of the report, which notes the removal and addition of certain components from the report, and any striking changes that have been picked up on.

Join the discussion


 

 

Fully Managed VPS Hosting from $15/mo

Liquid Web is now offering its lowest pricing ever on Fully Managed VPS, starting at $15/mo and fully backed by our 30-Day Money Back Guarantee.

With pre-pay pricing on our Fully Managed VPS, you get the performance, power and flexibility of the world's fastest VPS for less than you may be paying for an older, unmanaged instance.

- Faster than AWS, Rackspace, and DigitalOcean
- Free Migrations
- 24/7/365 support

Learn More


News from around our Industry

It's been another busy week around the industry so, without further ado, here's a few threads to get you started on your mid-week catch-up...

  • DHS launches permanent bug bounty program - The US Department of Homeland Security announced a permanent "Hack DHS" program, which will allow vetted cybersecurity researchers to test department networks for potential cybersecurity vulnerabilities that can be exploited by bad actors.
  • Amazon explains last week's outage - Revealing that an automated capacity scaling feature led to "unexpected behavior" from internal network clients and that devices connecting that internal network to AWS were swamped, stalling communications.
  • Digital Edge expands regional footprint with Philippines joint venture - The JV with the Threadborne Group will construct and operate a 10MW data center in Manila to be completed in Q4 2022. It will be the largest operational carrier neutral data center in the Philippines.
  • Netrality plans second data center in Kansas - The new data center is 172,000 square feet with 2MW of capacity currently available. An additional megawatt will be delivered during Netrality's first phase of development followed by another 3MW during the second phase.

Got some news of your own to share? If it's news from your own company it belongs in Web Hosting Industry Announcements (no ads please!). If you've scooped some news about something else going on in the hosting industry we'd love for you to share it in our Industry News section!

Browse all Industry News


  

 

Advertise with Web Hosting Talk

WebHostingTalk is an online community of members who regularly turn to WHT for information and peer engagement on hosting business and technology topics. WebHostingTalk supports a knowledgeable memberbase and attracts a web-savvy audience with user generated content and purpose. If you're looking to tap-in to advertising opportunities on WHT, reach out to sales@PROTECTED to start a discussion. Please remember to book your January 2022 campaigns early - Christmas is fast approaching!


Contact:
https://www.webhostingtalk.com
insider@PROTECTED
WebHostingTalk, Inc. 2 Toronto St., Ste. #239, Toronto, ON, M5C 2B5 Canada
Phone:+1 416 277 0095
 
  • This mailing list is a public mailing list - anyone may join or leave, at any time.
  • This mailing list is announce-only.

Delivered weekly, the Web Hosting Talk Insider newsletter covers the latest news in the cloud and hosting industry, the hottest Web Hosting Talk threads, and in-depth insight and commentary on the trends impacting your business.

Privacy Policy:

https://info.webhostingtalk.com/wht-privacy-policy/

Go back to WebHostingTalk