Sat.Dec 18, 2021

The Subsequent Waves of log4j Vulnerabilities Aren’t as Bad as People Think

Daniel Miessler

If you’re reading this you’re underslept and over-caffeinated due to log4j. Thank you for your service. I have some good news. I know a super-smart guy named d0nut who figured something out like 3 days ago that very few people know. Once you have 2.15 applied—or the CLI implementation to disable lookups—you actually need a non-default log4j2.properties configuration to still be vulnerable!
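
The configuration condition described above can be audited mechanically. The script below is an added example, not code from Miessler's post or from d0nut's analysis: it scans a Log4j 2 configuration (properties or XML, since it only looks at the pattern strings) for the layout elements that, per the CVE-2021-45046 description as I recall it (an assumption on my part, not something this page states), keep a 2.15.0 deployment reachable: a Context Lookup (`${ctx:...}`, usually written `$${ctx:...}` inside a layout) or a Thread Context Map conversion pattern (`%X`, `%mdc`, `%MDC`). The three sample configurations are constructed for the example.

```python
import re
import sys
from pathlib import Path

# Layout elements named in the CVE-2021-45046 description as the trigger on 2.15.0
# (assumption: taken from my reading of the advisory, not from the page above).
# %X is case-sensitive in Log4j (%x is the NDC stack, a different feature).
RISKY_PATTERNS = (
    (re.compile(r"\$\{ctx:", re.IGNORECASE), "Context Lookup ${ctx:...}"),
    (re.compile(r"%X\b"), "Thread Context Map pattern %X"),
    (re.compile(r"%mdc\b", re.IGNORECASE), "Thread Context Map pattern %mdc/%MDC"),
)


def find_risky_patterns(config_text: str):
    """Return (line_number, label, stripped_line) for every risky occurrence.

    Works on log4j2.properties and on the XML form alike because it only inspects
    the text of each line; '#'/'!' properties comments are skipped, XML comments
    are not parsed, so review any hit inside an XML comment by hand."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "!")):
            continue
        for regex, label in RISKY_PATTERNS:
            if regex.search(stripped):
                findings.append((number, label, stripped))
    return findings


# Constructed sample: the stock console PatternLayout from the Log4j documentation.
SAFE_CONFIG = """\
# default-style layout, no context lookups
status = warn
appender.console.type = Console
appender.console.name = STDOUT
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = %d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n
rootLogger.level = info
rootLogger.appenderRef.stdout.ref = STDOUT
"""

# Constructed sample: a layout that pulls request-controlled data out of the Thread Context.
RISKY_CONFIG = """\
# pattern pulls attacker-influenced data from the Thread Context
appender.console.layout.pattern = %d [%t] %-5level user=$${ctx:loginId} %X{requestId} - %msg%n
"""

# Constructed sample: the same mistake in XML form.
XML_CONFIG = """\
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
  <Appenders>
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="%d %p %c{1.} [%t] %MDC{sessionId} %m%n"/>
    </Console>
  </Appenders>
</Configuration>
"""


def main(paths):
    """Print each finding as path:line: label: text; exit 1 if anything was found."""
    exit_code = 0
    for path in paths:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
        for number, label, line in find_risky_patterns(text):
            print(f"{path}:{number}: {label}: {line}")
            exit_code = 1
    return exit_code


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as `python check_log4j_layout.py log4j2.properties log4j2.xml`. A clean result only means the stock layout is in use; it is not a reason to stay on 2.15, since the items further down this page move the recommended target to 2.17.0.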

Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS

Bleeping Computer

Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga began last week, security experts have time and time again recommended version 2.16 as the safest release to be on. That changes today with version 2.17.0 out, which fixes CVE-2021-45105, a DoS vulnerability.

Apache releases the third patch to address a new Log4j flaw

Security Affairs

Multiple flaws in the Log4j library are alarming organizations worldwide while threat actors are already exploiting them; 2.17 is the third fix issued in a week. While experts were warning that threat actors are actively attempting to exploit a second vulnerability in the library, tracked as CVE-2021-45046, a third security vulnerability made the headlines.

Western Digital warns customers to update their My Cloud devices

Bleeping Computer

Western Digital is urging customers to update their WD My Cloud devices to the latest available firmware to keep receiving security updates, as older My Cloud OS firmware is reaching the end of support.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

The Hacker News

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection.

The Greatest Asset Becomes the Biggest Risk

CyberSecurity Insiders

By cybersecurity expert and J2 CEO John Mc Loughlin. It’s never been more important to protect employees from cyber-attacks while also mitigating the risk they pose as trusted insiders. The erosion of the cyber-perimeter as a result of new virtual workforce models necessitates a new approach, one that baselines activities and behaviors and protects employees by highlighting anomalies.

2022 Trends In The Convergence Of Cyber And Physical Security

CyberSecurity Insiders

If 2020 and 2021 saw security convergence gain wider acceptance among enterprises and small/medium businesses, 2022 is set to see the trend accelerate and affect many previously ‘standalone’ aspects of cyber and physical security. The goal is to close the security gaps that can exist when physical and cyber security teams operate in silos. Smart locks and access control are the first area covered.

1.8 Million customers of four sports gear sites impacted by credit cards breach

Security Affairs

A cyber attack hit four affiliated online sports gear sites and resulted in the theft of credit cards belonging to 1,813,224 customers. The affected websites:
- Tackle Warehouse LLC (tacklewarehouse.com) – fishing gear
- Running Warehouse LLC (runningwarehouse.com) – running apparel
- Tennis Warehouse LLC (tennis-warehouse.com) – tennis apparel
- Skate Warehouse LLC (skatewarehouse.c

Vital Tips & Resources to Improve Your Internet Safety

CyberSecurity Insiders

Online shopping, mobile banking, even accessing your e-mails — all these can expose you to cyber threats. They have been on the rise ever since the pandemic began, making the virtual world increasingly scary. The good news is you can protect yourself against all these threats, without having to be too tech savvy. By learning how to use online platforms safely from the tips below, you will be able to minimize the risks of identity theft and money fraud.

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

My Cloud OS firmware is reaching the end of support, so Western Digital customers have to update their WD My Cloud devices to the latest version. Western Digital is urging customers to update their WD My Cloud devices to the latest firmware version to continue receiving security updates on My Cloud OS firmware that is reaching the end of support. The company announced the end of support for prior generations of My Cloud OS, including My Cloud OS 3. “On April 15, 2022, support for prior genera

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Biggest Christmas Giveaway By AOMEI [Worth $521 For Free]

SecureBlitz

Here is one of the biggest Christmas giveaways of 2021, by AOMEI. In the spirit of Christmas, AOMEI, in cooperation with other software companies, has decided to give away 15 best-selling products worth $521 to users for free. Yes, free! This giveaway includes products from various software categories, including Backup and Partition, Utility, PC Optimization,

[Upgrade to 2.17] Updated Guidance on Addressing Log4J CVEs

Security Boulevard

This morning, the Apache Software Foundation provided another update to log4j (version 2.17.0) to address the new CVE-2021-45105. Contrast recommends using this most secure version.
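
Acting on that recommendation at scale means knowing which log4j-core version each deployment actually carries, including copies bundled inside WARs, EARs and shaded uber-JARs where the file name tells you nothing. The scanner below is an added example, not Contrast's or Apache's tooling: it reads the Maven pom.properties that log4j-core ships under META-INF, recurses into nested archives, and flags anything below 2.17.0. The 2.17.0 threshold comes from this page; the `outer!/inner` path form, the helper names and the in-memory sample JAR and WAR are constructed for the example. One caveat of my own, not something the page covers: Java 7 deployments on the separately maintained 2.12.x line need their own assessment rather than this comparison alone.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Threshold from the guidance above: 2.17.0 is the release that fixes CVE-2021-45105.
# Assumption (not on the page): Java 7 shops on the 2.12.x line should not rely on
# this single comparison.
FIXED_VERSION = (2, 17, 0)

# Maven metadata that log4j-core JARs carry; the version line in it is more reliable
# than the file name, which shading and repackaging routinely change.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

# Nested archives worth descending into.
NESTED_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text: str):
    """'2.16.0' -> (2, 16, 0); a qualifier such as '2.0-beta9' compares as (2, 0, 0)."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(group or 0) for group in match.groups())


def version_from_pom_properties(props: str):
    """Pull the version= line out of pom.properties; None if absent or unparseable."""
    for line in props.splitlines():
        if line.startswith("version="):
            try:
                return parse_version(line.split("=", 1)[1])
            except ValueError:
                return None
    return None


def scan_archive(data: bytes, name: str):
    """Return [(path, version_tuple, needs_upgrade)] for every log4j-core found in
    `data`, recursing into nested archives; nested paths use the outer!/inner form."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not an archive, nothing to report
    with archive:
        names = archive.namelist()
        if POM_PROPS in names:
            props = archive.read(POM_PROPS).decode("utf-8", errors="replace")
            version = version_from_pom_properties(props)
            if version is not None:
                findings.append((name, version, version < FIXED_VERSION))
        for entry in names:
            if entry.lower().endswith(NESTED_SUFFIXES):
                findings.extend(scan_archive(archive.read(entry), f"{name}!/{entry}"))
    return findings


def make_sample_jar(version: str) -> bytes:
    """Constructed stand-in for log4j-core-<version>.jar holding only the Maven metadata."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr(POM_PROPS, "#Generated by Maven\n"
                                    f"version={version}\n"
                                    "groupId=org.apache.logging.log4j\n"
                                    "artifactId=log4j-core\n")
    return buffer.getvalue()


def make_sample_war(entries: dict) -> bytes:
    """Constructed WAR whose entries (path -> bytes) may include nested JARs."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for path, payload in entries.items():
            archive.writestr(path, payload)
    return buffer.getvalue()


def scan_paths(roots):
    """Yield findings for every archive under the given files or directories."""
    for root in map(Path, roots):
        candidates = [root] if root.is_file() else root.rglob("*")
        for path in candidates:
            if path.suffix.lower() in NESTED_SUFFIXES:
                yield from scan_archive(path.read_bytes(), str(path))


if __name__ == "__main__":
    for path, version, needs_upgrade in scan_paths(sys.argv[1:] or ["."]):
        status = "UPGRADE" if needs_upgrade else "ok"
        print(f"{status:8}{path} log4j-core {'.'.join(map(str, version))}")
```

Run it as `python find_log4j_core.py /opt/apps /var/lib/tomcat/webapps`; every line marked UPGRADE is a copy below 2.17.0, with the nesting path showing exactly which bundle carries it. The check deliberately keys on the Maven metadata rather than on class names, so a repackaged log4j-core whose pom.properties was stripped will be missed and should be caught by a second method such as hashing JndiLookup.class.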

Buckle Up for More Log4j Madness

WIRED Threat Level

Plus: An alleged spy, a ransomware arrest, and more of the week's top security news.

Joy Of Tech® ‘Lame Gift Tags’

Security Boulevard

Via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech®.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Security BSides Delaware 2021 – Dr. Nikki Robinson’s ‘Human Perception: The Missing Security Control’

Security Boulevard

Our thanks to Security BSides Delaware for publishing their well-crafted videos from the Security BSides Delaware 2021 conference on the organization’s YouTube channel.

Part 4: Using Veracode From the Command Line in Cloud9 IDE

Veracode Security

It’s Clint Pollock, principal solutions architect, here for the final lesson in the four-part series on how to use Veracode from the command line in the Cloud9 IDE to submit a software composition analysis (SCA) scan and a dynamic scan. To start, if you’re looking to leverage the Veracode API signing Docker image with the Veracode REST APIs, go to the Help Center, open the REST API section, and take a look at the available options.

BSides Tallinn 2021 – Rob Dyke’s ‘Never Disclose – Until Broken Cyber Law Is Fixed’

Security Boulevard

Our thanks to BSides Tallinn for publishing their superb videos from BSides Tallinn 2021 on the conference’s YouTube channel.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
