Every week I comb through 1000s of articles that get curated down to somewhere between 60 and 100 URLs eligible for DevOps'ish. Those URLs land in this notes file that ends up being source material for the newsletter. Being in that group of links is an achievement of its own and should be lauded.

It's a shame when I have to choose between having too many links or someone's special thing getting featured in the newsletter. Here's another chance to shine!

As always, thank you for reading,
Chris Short
He/Him/His
TZ=America/Detroit

The following links and/or notes accompany the corresponding issue of DevOps'ish.

Notes

Log4j

0day exploit for Log4j Java library could have a tsunami impact on IT giants | Security Affairs

Digging deeper into Log4Shell - 0Day RCE exploit found in Log4j | Fastly

Apache Log4j2 Security Bulletin (CVE-2021-44228)

The Internet’s biggest players are all affected by critical Log4Shell 0-day | Ars Technica

Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory

Understanding Log4Shell via Exploitation and Live Patching (CVE-2021-44228 + CVE-2021-45046) | LunaSec

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Log4Shell Makes Its Appearance in Hacker Chatter: 4 Observations | Rapid7 Blog

Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) | LunaSec

fullhunt/log4j-scan: A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

The Numbers Behind Log4j CVE-2021-44228 - Check Point Software

Log4Shell: We Are in So Much Trouble – The New Stack

Hackers launch over 840,000 attacks through Log4J flaw | Ars Technica

Patching Log4Shell in One Command Without Downtime Using Ephemeral Containers | by Eden Federman | Dec, 2021 | Medium

Guide: How To Detect and Mitigate the Log4Shell Vulnerability (CVE-2021-44228 & CVE-2021-45046) | LunaSec

BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-18 0018 UTC

Hotpatch for Apache Log4j | AWS Open Source Blog

Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation | CISA

Other Notes

Open Source in China: Next Four Years

“Open Source” is Broken - Xe

Russian hackers bypass 2FA by annoying victims with repeated push notifications - The Record by Recorded Future

A New Chapter for HashiCorp

How eBPF will solve Service Mesh - Goodbye Sidecars

Hackers jailbreak the PS4, claim kernel exploit also works on PS5

Project Zero: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

Microsoft Patches Zero-Day Spreading Emotet Malware

Peloton CEO Apologizes After Holiday Party Frustrates Employees

Karpenter node provisioner for Kubernetes - YouTube

Keeping curl safe | daniel.haxx.se

Chrome Users Beware: Manifest V3 is Deceitful and Threatening | Electronic Frontier Foundation

How to migrate from CentOS 8 to Rocky Linux (conversion) - nixCraft