Mon. Dec 13, 2021

Critical Log4Shell security flaw lets hackers compromise vulnerable servers

Tech Republic Security

Apache has patched the vulnerability in its Log4j 2 library, but attackers are searching for unprotected servers on which they can remotely execute malicious code.

11 penetration testing tools the pros use

CSO Magazine

A penetration tester, sometimes called an ethical hacker, is a security pro who launches simulated attacks against a client's network or systems in order to seek out vulnerabilities. Their goal is to demonstrate where and how a malicious attacker might exploit the target network, which allows their clients to mitigate any weaknesses before a real attack occurs.

Log4Shell vulnerability: What we know so far

We Live Security

The critical flaw in the ubiquitous Log4j utility has sent shockwaves way beyond the security industry – here’s what we know so far.

Phishing campaign uses PowerPoint macros to drop Agent Tesla

Bleeping Computer

A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code. […]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Boost your Cyber Security Awareness

Security Boulevard

October is Cyber Security Awareness month. Cyber Security Awareness month was officially launched by the National Cyber Security Alliance (NCSA) and the Department of Homeland Security (DHS) in October of 2004. At first, the effort was aimed around common cyber security facts and advice. Since then, the two organizations have worked collaboratively to provide education, […].

Bugs in billions of WiFi, Bluetooth chips allow password, data theft

Bleeping Computer

Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it's possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device's Bluetooth component. […]

More Trending

Log4j: List of vulnerable products and vendor advisories

Bleeping Computer

News about a critical vulnerability in the Apache Log4j logging library broke last week when proof-of-concept exploits started to emerge on Thursday. […]

Cybersecurity ‘Vaccines’ Emerge as Ransomware, Vulnerability Defense

eSecurity Planet

Cybersecurity vaccines are emerging as a new tool to defend against threats like ransomware and zero-day vulnerabilities. Cybersecurity firms have released “vaccines” in recent days to protect against the widely used STOP ransomware strain and the new Apache Log4Shell vulnerability. Germany-based G Data CyberDefense released software designed to trick the STOP ransomware variant into believing that a targeted system has already been compromised and keeping it from encrypting files af

Police arrests ransomware affiliate behind high-profile attacks

Bleeping Computer

Romanian law enforcement authorities arrested a ransomware affiliate suspected of hacking and stealing sensitive info from the networks of multiple high-profile companies worldwide, including a large Romanian IT company with clients from the retail, energy, and utilities sectors. […]

How Cybersecurity Awareness Shifted in 2021

Security Boulevard

The meaning of “cybersecurity awareness” changed in some pretty meaningful ways in 2021. Comprehensive employee security awareness training helps organizations to reduce risky behaviors, build a security-first internal culture and prevent cyberattacks. But what does “security awareness” mean? There were some significant ways in which cybersecurity awareness changed in 2021.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

CVE-2021-44228 vulnerability in Apache Log4j library

SecureList

CVE-2021-44228 summary. Last week information security media reported the discovery of the critical vulnerability CVE-2021-44228 in the Apache Log4j library (CVSS severity level 10 out of 10). The threat, also named Log4Shell or LogJam, is a Remote Code Execution (RCE) class vulnerability. If an attacker manages to exploit it on a vulnerable server, they gain the ability to execute arbitrary code and potentially take full control of the system.

Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan

The Hacker News

Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to detect and block the threat in an effective manner proactively.

Update: Log4Shell RCE Zero-Day—Reactions and Recriminations

Security Boulevard

Last week’s critical bug in Log4j still reverberates ’round the racks. In today’s SB Blogwatch, we wave goodbye to Java.

Protecting against Log4j with Secure Firewall & Secure IPS

Cisco Security

The Apache Log4j vulnerability (CVE-2021-44228) has taken the Internet by storm in the past few days. This blog details quick ways Secure Firewall Threat Defense (FTD) and Secure IPS users can protect against attacks leveraging this vulnerability while patching their infrastructure. Talos first released updated Snort rules on Friday, December 10. For customers inspecting ingress traffic— with decryption if traffic is TLS (Transport Layer Security) encrypted — these rules will alert and can bloc

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Google pushes emergency Chrome update to fix zero-day used in attacks

Bleeping Computer

Google has released Chrome 96.0.4664.110 for Windows, Mac, and Linux, to address a high-severity zero-day vulnerability exploited in the wild. […]

Log4Shell Exploitation Grows as Cybersecurity Firms Scramble to Contain Threat

eSecurity Planet

Cybercriminals are quickly ramping up efforts to exploit the critical flaw found in the widely used Log4j open-source logging tool, targeting everything from cryptomining to data theft to botnets that target Linux systems. The cybersecurity community is responding with tools for detecting exploitation of the vulnerability, a remote code execution (RCE) flaw dubbed Log4Shell and tracked as CVE-2021-44228.

Kronos Ransomware Outage Drives Widespread Payroll Chaos

Threatpost

Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking.

Log4Shell: The race is on to fix millions of systems and internet-connected devices

Graham Cluley

Everyone is talking about Log4Shell, a zero-day remote code execution exploit in versions of log4j, the popular open source Java logging library.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Attackers can get root by crashing Ubuntu’s AccountsService

Bleeping Computer

A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component. […]

How SASE Enables and Secures 5G Networks

Security Boulevard

The buzz has been growing around 5G MEC (multi-access edge computing) as the new networking standard that promises faster speeds, greater bandwidth and optimized mobility as the technology has moved from concept to reality. 5G network edges are designed to support various use cases that will prove extremely important to organizations across the board, including.

NYDFS Outlines Common MFA Problems, Steps to Fix Them

Digital Guardian

The New York Department of Financial Services reiterated last week that rolling out MFA and ensuring it's configured properly is essential to reducing cyber risk.

BrandPost: When They're Already Inside the Walls: How to Detect and Stop Lateral Movement

CSO Magazine

You already have security tools meant to prevent attackers from getting into your environment, but what happens after they compromise one of your systems? It could happen many ways, and wise security professionals know that good defenses must include methods to detect and stop advanced threats.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

ROUNDTABLE: Cybersecurity experts reflect on 2021, foresee intensifying challenges in 2022

Security Boulevard

Privacy and cybersecurity challenges and controversies reverberated through all aspects of business, government and culture in the year coming to a close. Last Watchdog sought commentary from technology thought leaders about lessons …

NIST gears up for software security and IoT labeling pilot programs

CSO Magazine

President Biden’s wide-ranging cybersecurity executive order issued last May directs the National Institute of Standards and Technology (NIST) to create pilot labeling programs to educate the public on the security of the internet-of-things (IoT) devices and software products they buy. The order requires NIST to produce by February 6, 2022, IoT cybersecurity criteria for a consumer labeling program and, separately, identify secure software development practices or criteria for a software labelin

7 Cloud Vulnerabilities Endangering Your Data!

Security Boulevard

Over the last few years, cloud computing has been growing at a rapid rate. It has completely revolutionized the business world, enabling organizations to keep up with today’s increasingly digitized landscape. According to Grand View Research, the worldwide cloud computing market size was worth $274.79 billion in 2020 and is predicted to grow at a […].

Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. The attempts were carried out by Muhstik and Mirai botnets in attacks aimed at Linux devices.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Cyber Threat forces Canada to shut down 4000 government websites

CyberSecurity Insiders

Can you believe that an unverified cyber threat has forced the Quebec government to shut over 4000 of its websites, all as a preventive measure to avoid extreme cyber troubles? This has happened in practice and was confirmed by Eric Caire, Quebec’s Digital Transformation Minister, at a media briefing on Monday. Going deep into the announcement, it’s claimed that Quebec’s provincial government of Canada reacted because of an alert issued by its intelligence on Friday last week.

Spear phish, whale phish, regular phish: What’s the difference?

Malwarebytes

There are many types of phishing attack nowadays, to the extent it can be tricky to keep up with them all. We have unique names for mobile attacks, postal attacks, threats sent via SMS and many more besides. However, we often see folks mix up their spears and their whales, and even occasionally confuse them with regular phish attempts. We’re here to explain exactly what the difference between all three terms is.

Ransomware attack news trending on Google

CyberSecurity Insiders

A Colorado based energy provider dubbed Delta-Montrose Electric Association (DMEA) has made it official that it suffered a cyber attack early last month and wiped out historical information collected in the past 25 years, disrupting 90% of automated internal controls to the core. Although the attack was of ransomware genre, officials related to the energy provider failed to make it public last month for reasons best known to them.

Tales from the Dark Web: Fingerprinting Access Brokers on Criminal Forums

Dark Reading

Every high-profile breach leaves a trail of bread crumbs, and defenders who monitor access brokers can connect the dots and detect attacks as they unfold.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.