Posts

Showing posts from December, 2025

Zero Trust Architecture

Introduction

Imagine a high-security building where passing the security guard at the front door doesn't give you free rein to wander into every office. Instead, you need to swipe your badge at every single door, elevator, and file cabinet you encounter. This is the essence of Zero Trust Architecture. In the digital world, it means that no user or application is trusted by default, even if they are already inside the network. If you are looking to understand the basics of ZTA without getting lost in jargon, you’ve come to the right place. Let’s explore how this security model works and why it’s the future of cyber-security.

Zero Trust checks for identity every time.

Main pillars of Zero Trust: Identity and Access Management (IAM), Device trust, Network segmentation, Application-level access, Continuous Monitoring, Least Privilege.

The traditional security model assumes that anything inside the corporate network is trusted. This model fails when an attacker gets inside the netw...

Log4Shell Explained: Deep Dive into CVE-2021-44228

Log4Shell Vulnerability

The Log4Shell vulnerability is also known as CVE-2021-44228. This vulnerability exposed how we develop secure software systems. No special skill or code was required. Simple text can trigger this vulnerability.

To understand Log4Shell, let's first understand logs and logging. Computers keep logs of every task performed on them. Engineers rely on logs to debug if any incident occurs. Normally they check the timestamp and the message beside it. For example, in this log file screenshot we see INFO (Information), ERROR (Error) and the timestamp.

But what is Log4j? It's a logging library for Java applications. Here, all login attempts are being recorded in log files. Without Log4j, developers would use System.out.println(). Apart from writing log files, Log4j can also execute commands given to it. Attackers found out that they can load and execute malicious code using Log4j.

Log4j often hides in: Apps, JARs, Inside Containers.

Tools to find it: triv...