Company News and Product Updates from Kloudle

Kloudle launches Kloudle Academy, a free e-resource cloud security learning platform.

A post about how we performed an analysis of the Kafka connectors in use for a customer to detect if they were vulnerable to the recently discovered Log4j vulnerability - CVE-2021-44228 and CVE-2021-45046.

A list containing links to the advisories and security announcements published by various Cloud platforms and SaaS providers regarding CVE-2021-44228, the Log4j Remote Unauthenticated Code Execution vulnerability.

Apache Log4j is an open-source Java package. It is the most widely used default logging package. Many many things can go wrong. Attackers may execute their own code in your server, remotely over the network, without any permission! If not code, they can scoop up all the server secrets that are in the server memory. Affected users include Apple iCloud, AWS, Google, Cloudflare, most of the financial services world, among others.

To ensure absolute security, Google has offered its users tools to help them protect their cloud-based resources. Here are a few tools in the Google security network that your business can leverage to ensure consistent security in your cloud accounts.

The Google cloud security network offers a shared responsibility model for cloud security with its users. While Google ensures that all the infrastructure is secure, the users of GCP are expected to secure their workload, data, and other resources on the cloud. While Google Cloud offers its users the tools to secure their cloud resources, attackers often find their way into your cloud resources due to misconfigurations during development.