Wed. Dec 15, 2021

When is a Scrape a Breach?

Troy Hunt

A decade and a bit ago during my tenure at Pfizer, a colleague's laptop containing information about customers, healthcare providers and other vendors was stolen from their car. The machine had full disk encryption and it's not known whether the thief was ever actually able to access the data. It's not clear if the car was locked or not.

Log4j: How to protect yourself from this security vulnerability

Tech Republic Security

As cybercriminals scan for susceptible servers, there are steps you can take to mitigate the Log4j critical vulnerability.

Finding “Attackable” Open Source Vulnerabilities in JavaScript

Security Boulevard

Finding attackable open source vulnerabilities in JS applications with an intelligent SCA approach. Open Source Software (OSS) is at the core of today’s information technology. About 80% of companies run their operations on OSS and 96% of applications are built using open source components. Most of today’s commercial products are shipped with some OSS libraries.

Kodachi is the operating system for those who value privacy but don't want to learn Linux

Tech Republic Security

For anyone looking to gain an extra layer of privacy on a desktop or laptop, Kodachi Linux might be the perfect option. Jack Wallen highlights this live Linux distribution.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

What SMBs can do to protect against Log4Shell attacks

Malwarebytes

As you may already know, the business, tech, and cybersecurity industries have been buzzing about Log4Shell (CVE-2021-44228), also referred to as LogJam, a critical remote code execution flaw in the Apache Log4j 2 logging library (versions before 2.15.0). A logger is a piece of software that records the events that happen in a computer system; the records it produces let IT and security staff trace errors and spot abnormal behavior.

Initial access brokers: How are IABs related to the rise in ransomware attacks?

Tech Republic Security

Initial access brokers are cybercriminals who specialize in breaching companies and then selling the access to ransomware attackers. Learn how to protect your business from IABs.

Just in time for Christmas, Kronos payroll and HR cloud software goes offline due to ransomware

Tech Republic Security

The attack has led to an outage expected to last weeks, leaving companies scrambling to make payroll with the holidays right around the corner.

Large-scale phishing study shows who bites the bait more often

Bleeping Computer

A large-scale phishing study involving 14,733 participants over a 15-month experiment has produced some surprising findings that contradict previous research results that formed the basis for popular industry practices.

Survey: Hackers approach staff to assist in ransomware attacks

CSO Magazine

Cyberattackers have approached employees in 48% of organizations in North America to assist in ransomware attacks, according to a report by Pulse and Hitachi ID. For the study, 100 IT and security executives were surveyed to understand recent changes made to cybersecurity infrastructures, their ability to handle cyberattacks and the role played by politics.

What every business leader needs to know about Log4Shell

We Live Security

Hundreds of thousands of attempts to exploit the vulnerability are under way.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

A List of Vulnerable Products to the Log4j Vulnerability

Heimadal Security

Two days ago, we wrote a post about the Log4j vulnerability that is currently wreaking havoc on the cyberthreat landscape. The flaw lies in Log4j, an open-source Java logging library maintained as part of Apache Logging Services. Because the library is embedded in software and services worldwide, attackers who exploit it can achieve remote code execution (RCE). […]

The dirty dozen of Latin America: From Amavaldo to Zumanek

We Live Security

The grand finale of our series dedicated to demystifying Latin American banking trojans.

CISA warns critical infrastructure to stay vigilant for ongoing threats

Bleeping Computer

The Cybersecurity and Infrastructure Security Agency (CISA) warned critical infrastructure organizations today to strengthen their cybersecurity defenses against potential and ongoing threats.

Log4j mitigation advice for Microsoft security and IT admins

CSO Magazine

Unless you’ve been on a remote island without Internet access, you’ve seen the headlines and articles about the vulnerability in the logging library Log4j. Log4j is a Java-based logging library, part of Apache Logging Services, that is embedded in many third-party applications. Large enterprises that write their own internal applications presumably have developers on staff who know they’ve used this library and are already taking steps to mitigate it.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

5 Endpoint security tips for the holidays

CyberSecurity Insiders

The holiday season is a hectic time for businesses but this year has brought additional challenges in supply chain delivery and staffing shortages. Yet spending is still expected to increase, and businesses must be prepared to capitalize on this holiday season and close out the year strong. Endpoints can play a vital role this holiday season by providing visibility into inventory levels, allowing self-service transactions, and granting access to critical business applications.

Securing the Kubernetes software supply chain

InfoWorld on Security

Modern software development practices make securing the software supply chain more important than ever. Our code depends on open source libraries, which depend on other libraries, and so on: a chain of code we didn’t write, didn’t compile, and often cannot trace back to its origin. Some of that code is almost ubiquitous. Log4Shell, which caused havoc across the industry, exploited a long-standing bug in a common Java logging component, log4j.
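The Log4j items on this page (the mitigation advice, the list of vulnerable products, and the point just above about transitive dependencies you never compiled) all come down to one practical question: which copies of log4j-core are actually deployed, and at what version? The script below is an added example for this listing, not code from any of the articles above. It walks a directory, opens every JAR/WAR/EAR, recurses into archives nested inside them (fat jars, WEB-INF/lib), reads the Maven version stamp of log4j-core, checks whether JndiLookup.class is still present (the interim mitigation was to delete it), and classifies each copy against CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. The per-branch fixed-version table is an assumption transcribed from Apache's advisories as they stood in December 2021 and should be checked against the current Apache security page before you rely on it; the sample jars the script builds are constructed stand-ins containing metadata only, no real bytecode.

```python
"""Inventory every log4j-core copy under a directory (including JARs nested in
WAR/EAR/fat JARs) and classify it against the Log4j CVEs public in mid-Dec 2021."""
import io
import re
import zipfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
Version = Tuple[int, int, int]

# First fixed version per branch (assumption: transcribed from the Apache advisories, so
# verify against the current security page). Unlisted branches use the mainline "2.x" entry.
FIXED_IN: Dict[str, Dict[str, Version]] = {
    "CVE-2021-44228": {"2.x": (2, 15, 0), "2.12": (2, 12, 2), "2.3": (2, 3, 1)},  # Log4Shell RCE
    "CVE-2021-45046": {"2.x": (2, 16, 0), "2.12": (2, 12, 2), "2.3": (2, 3, 1)},  # incomplete fix
    "CVE-2021-45105": {"2.x": (2, 17, 0), "2.12": (2, 12, 3), "2.3": (2, 3, 1)},  # lookup-recursion DoS
}
# Deleting JndiLookup.class (the interim mitigation) kills the JNDI path, not the recursion DoS.
MITIGATED_BY_JNDI_REMOVAL = {"CVE-2021-44228", "CVE-2021-45046"}


def parse_version(text: str) -> Optional[Version]:
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); unparseable -> None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None

def applicable_cves(version: Version, jndi_present: bool) -> List[str]:
    """CVEs that still apply to one log4j-core build (1.x is out of scope for these three)."""
    if version[0] != 2:
        return []
    branch = f"{version[0]}.{version[1]}"
    hits: List[str] = []
    for cve, fixed in FIXED_IN.items():
        if version >= fixed.get(branch, fixed["2.x"]):
            continue  # this branch already carries the fix
        if not jndi_present and cve in MITIGATED_BY_JNDI_REMOVAL:
            continue  # class deleted, the JNDI lookup is unreachable
        hits.append(cve)
    return hits

def _log4j_core_version(zf: zipfile.ZipFile, name: str) -> Optional[str]:
    """Prefer the Maven version stamp; fall back to the file name for stripped jars."""
    if POM_PROPS in zf.namelist():
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    m = re.search(r"log4j-core-(\d[\w.\-]*)\.jar$", name)
    return m.group(1) if m else None

def scan_archive(data: bytes, name: str, findings: List[dict], depth: int = 0) -> List[dict]:
    """Record log4j-core evidence in this archive, then recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = zf.namelist()
        version = _log4j_core_version(zf, name)
        jndi = JNDI_CLASS in names
        if version or jndi:  # shaded fat jars may carry the class without a pom.properties
            parsed = parse_version(version or "")
            cves = applicable_cves(parsed, jndi) if parsed else ["version unknown, review manually"]
            findings.append({"path": name, "version": version, "jndi_lookup": jndi, "cves": cves})
        if depth < 5:
            for entry in names:
                if entry.lower().endswith(ARCHIVE_EXT):
                    scan_archive(zf.read(entry), f"{name}!{entry}", findings, depth + 1)
    return findings

def scan_tree(root: str) -> List[dict]:
    """Scan every archive below a directory, e.g. a deployed application's lib/ folder."""
    findings: List[dict] = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVE_EXT:
            scan_archive(p.read_bytes(), str(p), findings)
    return findings

def build_test_jar(version: Optional[str] = None, include_jndi: bool = True,
                   nested: Optional[Tuple[str, bytes]] = None) -> bytes:
    """Constructed stand-in for a jar/war: log4j-core metadata if version is given, no real bytecode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version:
            zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
            if include_jndi:
                zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
        if nested:
            zf.writestr(nested[0], nested[1])
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # constructed inputs, not real artifacts
        "lib/log4j-core-2.14.1.jar": build_test_jar("2.14.1"),
        "lib/log4j-core-2.14.1-nojndi.jar": build_test_jar("2.14.1", include_jndi=False),
        "lib/log4j-core-2.16.0.jar": build_test_jar("2.16.0"),
        "deploy/legacy.war": build_test_jar(nested=("WEB-INF/lib/log4j-core-2.12.1.jar", build_test_jar("2.12.1"))),
    }
    for path, data in samples.items():
        for f in scan_archive(data, path, []):
            print(f"{f['path']}: {f['version']} jndi={f['jndi_lookup']} -> {f['cves'] or 'clean'}")
```

Run it against a real tree with `scan_tree("/opt/myapp")`. Two design points matter in practice: the scanner keys on the Maven pom.properties rather than the file name, because shaded and renamed jars hide log4j-core from a plain `find -name 'log4j*'`, and it treats a missing JndiLookup.class as mitigating only the two JNDI CVEs, since the 2.17.0 DoS fix is unrelated to JNDI. A copy reported with `version unknown` (class present, no pom) needs a manual look.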

Nation-State Attackers, Ransomware Groups Take Aim at Apache Log4j Flaw

eSecurity Planet

Nation-state cyber threat groups and ransomware attackers are moving in to exploit a critical flaw found in the seemingly ubiquitous Apache Log4j open-source logging tool, as attacks spread just days after the vulnerability that could affect hundreds of millions of devices was made public late last week. Microsoft researchers reported that the remote code execution (RCE) vulnerability is being exploited by nation-state groups associated with China, North Korea, Iran and Turkey, with the activity

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

The Hacker News

Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to pummel unpatched systems with a variety of malware.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Payment Security: A Perspective from Europe

PCI perspectives

In the eighteen months plus since the outbreak of the COVID-19 global pandemic many businesses have had to reinvent themselves and adapt not only how they manage their business, but more importantly how they accept payments. Europe like most of the rest of the world saw a major switch to remote transactions and the world of e-commerce. On top of these significant changes, many organizations have also had to confront the practical and security challenges of employees first having to, and then wan

Now a Digital blue print to protect UK from Cyber Threats

CyberSecurity Insiders

As cyber threats keep growing, the UK government has devised a National Cyber Strategy aimed at protecting the UK from the threats lurking in the current cyber world. In recent years, the cyber security businesses operating in the UK have been generating revenue of between £6.5 and £8.9 billion from over 46,700 skilled jobs and attracting more overseas investment.

4 classes of practical security and how to balance them against goals

CSO Magazine

The mission of security leaders is to protect the trust that has taken years and a lot of execution to build. That trust runs deep: with customers, with partners, with the marketplace, and for many in the modern era, a trust built with regulators. As more of the business is engaged to deliver services or products while maintaining that trust, it’s important to build clarity on the type of security investments being made.

NIST Launches New International Cybersecurity and Privacy Resources Website

NSTIC

Every day, NIST cybersecurity and privacy resources are being used throughout the world to help organizations manage cybersecurity and privacy risks. To assist our international colleagues, NIST has launched a new International Cybersecurity and Privacy Resources Site. The site includes translations of the Cybersecurity Framework, including a newly published Indonesian translation.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Why fraudsters pretend to have better credentials than they actually do

Security Boulevard

The average login credential attack now has a nearly one in 10 chance of succeeding. But how do fraudsters do it and why does it matter?

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Threatpost

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s hastily baked patch for Log4Shell also has holes.

Emotet starts dropping Cobalt Strike again for faster attacks

Bleeping Computer

Right in time for the holidays, the notorious Emotet malware is once again directly installing Cobalt Strike beacons for rapid cyberattacks.

Ransomware Attack halts Christmas 2021 paychecks and bonuses

CyberSecurity Insiders

Kronos Private Cloud, a Massachusetts-based payroll service, was subjected to a ransomware attack last week, disrupting most of its accounting servers and leaving many workers without their regular paychecks and bonuses for the Christmas 2021 season. Kronos, a business unit of software giant Ultimate Kronos Group (UKG), issued a clarification on the situation and stated that none of its customers or clients will be affected by the malware attack, as its incident response plan was well in place and has be

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats raise the question, “Do you know what’s in your software?”

Sites hacked with credit card stealers undetected for months

Bleeping Computer

Threat actors are gearing up for the holidays with credit card skimming attacks remaining undetected for months as payment information is stolen from customers.

Anubis Android Malware Is Back and It Is Focusing on Financial Institutions

Heimadal Security

In a recent malware operation, the Anubis Android banking malware is targeting clients of approximately 400 banking institutions. The cybercriminals are attacking financial institutions, cryptocurrency wallets, and digital payment systems by posing as an Orange S.A. Android application intended to collect information such as: browsing cookies, passwords saved on browsers, credit card details.

How to Determine if Your Network Security is Working

Security Boulevard

In my previous blog post, I talked about the MITRE ATT&CK framework and how it can help you determine possible threats and threat actors’ techniques so that you can better focus your limited resources on the more likely threats. The next questions you might have are, “Am I being attacked?” and “Are my defenses working?”

Relevant and Extended Detection with SecureX, Part Two: Endpoint Detections

Cisco Security

In part one of this series we introduced the notion of risk-based extended detection with SecureX – the idea that a user can prioritise detections into incidents based on their idea of what constitutes risk in their environments and then extend those detections with enrichments from other products. In subsequent posts we are diving deeper into different Cisco Secure detection technologies and how their respective detections can be prioritised, promoted to SecureX as incidents and extended.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.