Every week I comb through 1000s of articles that get curated down to somewhere between 60 and 100 URLs eligible for DevOps'ish. Those URLs land in this notes file that ends up being source material for the newsletter. Being in that group of links is an achievement of its own and should be lauded.
It's a shame when I have to choose between having too many links or someone's special thing getting featured in the newsletter. Here's another chance to shine!
As always, thank you for reading,
Chris Short
He/Him/His
TZ=America/Detroit
The following links and/or notes accompany the corresponding issue of DevOps'ish.
Notes
Log4j
0day exploit for Log4j Java library could have a tsunami impact on IT giants | Security Affairs
Digging deeper into Log4Shell - 0Day RCE exploit found in Log4j | Fastly
Apache Log4j2 Security Bulletin (CVE-2021-44228)
The Internet’s biggest players are all affected by critical Log4Shell 0-day | Ars Technica
Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory
Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges
Log4Shell Makes Its Appearance in Hacker Chatter: 4 Observations | Rapid7 Blog
Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) | LunaSec
The Numbers Behind Log4j CVE-2021-44228 - Check Point Software
Log4Shell: We Are in So Much Trouble – The New Stack
Hackers launch over 840,000 attacks through Log4J flaw | Ars Technica
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-18 0018 UTC
Hotpatch for Apache Log4j | AWS Open Source Blog
Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation | CISA
Other Notes
Open Source in China: Next Four Years
How eBPF will solve Service Mesh - Goodbye Sidecars
Hackers jailbreak the PS4, claim kernel exploit also works on PS5
Project Zero: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
Microsoft Patches Zero-Day Spreading Emotet Malware
Peloton CEO Apologizes After Holiday Party Frustrates Employees
Karpenter node provisioner for Kubernetes - YouTube
Keeping curl safe | daniel.haxx.se
Chrome Users Beware: Manifest V3 is Deceitful and Threatening | Electronic Frontier Foundation
How to migrate from CentOS 8 to Rocky Linux (conversion) - nixCraft