Wed. Dec 22, 2021

Stolen Bitcoins Returned

Schneier on Security

The US has returned $154 million in bitcoins stolen by a Sony employee. However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishii’s wallet after obtaining the private key, which made it possible to transfer all the bitcoins to the FBI’s bitcoin wallet.

Conti ransomware is exploiting the Log4Shell vulnerability to the tune of millions

Tech Republic Security

Log4Shell is a dangerous security concern — and now Conti, a prominent ransomware group, is exploiting it to attack vulnerable servers to extort millions of dollars.

Comparing My Top Four Security Podcasts/Newsletters

Daniel Miessler

I get asked a lot what my go-tos are for security content. My top four recommendations are Darknet Diaries, Risky Business, Unsupervised Learning (yes, my own show), and TL;DRSec. What’s so interesting about these four is how different they are. I did this analysis so I could capture what I cared about and how each of them provides those items in different amounts—which allows me to make better recommendations to people.

Education 138

CISA releases Apache Log4j scanner to find vulnerable apps

Bleeping Computer

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. [...]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

The gift that keeps on giving: 7 tips to avoid cyber security threats

Security Boulevard

Did you give or receive a toy or new parental control or security app for the holidays? While well intentioned, you may have inadvertently created a security breach for the recipient or opened your family up to unwanted surveillance. The Internet of security breaches The Internet of Things (IoT) is not just for your smart. The post The gift that keeps on giving: 7 tips to avoid cyber security threats appeared first on Allot's Network Security & IoT Blog for CSPs & Enterprises.

IoT 143

The Apache Log4j vulnerabilities: A timeline

CSO Magazine

The Apache Log4j vulnerability has made global headlines since it was discovered in early December. The flaw has impacted vast numbers of organizations around the world as security teams have scrambled to mitigate the associated risks. Here is a timeline of the key events surrounding the Log4j vulnerability as they have unfolded. Thursday, December 9: Apache Log4j zero-day exploit discovered.

Risk 140

More Trending

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

When it comes to managing cybersecurity risk, approximately 35 percent of organizations say they only take an active interest if something bad happens. But in order for businesses to maintain compliance with major privacy laws, they have to have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially prevalent to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

UK NCSC reveals data breach related to quarter billion passwords

CyberSecurity Insiders

An unprotected cloud server is said to have led the security researchers belonging to UK’s National Cyber Security Centre (NCSC) to a data trove of a quarter billion passwords. And the cyber arm of GCHQ says that most of the leaked credentials could have been used by cyber criminals by now. In order to assess the seriousness of the situation with the compromised passwords, a team from NCSC contacted Troy Hunt, who runs a website known as Have I been Pwned (HIBP).

Passwords 131

Microsoft Teams bug allowing phishing unpatched since March

Bleeping Computer

Microsoft said it won't fix or is delaying patches for several security flaws impacting Microsoft Teams' link preview feature reported since March 2021. [...]

Phishing 140

CISOs, what's in your travel security program?

CSO Magazine

The past two years have provided CISOs a bit of a reprieve with respect to protecting company data while employees are in travel mode. While the gulp of fresh air may have felt great, upon exhaling we realize that many of those working from home are in fact traveling for pleasure and to distance themselves from the pandemic to continue working. Now, with the ubiquitous COVID testing and vaccine protocols, business travel is on the uptick.

CISO 130

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Dridex malware trolls employees with fake job termination emails

Bleeping Computer

A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message. [...]

Malware 130

This holiday season, give your children the gift of cybersecurity awareness

We Live Security

Don't leave your kids to their own devices – give them a head start with staying safe online instead. The post This holiday season, give your children the gift of cybersecurity awareness appeared first on WeLiveSecurity.

‘Hack DHS’ bug bounty program expands to Log4j security flaws

Bleeping Computer

The Department of Homeland Security (DHS) has announced that the 'Hack DHS' program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities. [...]

Hacking 130

Security leaders on how to cope with stress of Log4j

CSO Magazine

The year 2021 was unprecedented in the strain it placed on cybersecurity professionals. From the beginning of the year through now, incident responders and network defenders have been whipsawed by a seemingly endless array of unparalleled back-to-back security emergencies. In the words of researcher Kevin Beaumont, “We’ve reached peak cyber for 2021.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

Threatpost

Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects.

Software 131

Traveling During the Holidays? Watch Out for These 3 Cybersecurity Dangers

Security Boulevard

Over the holidays many of us travel to visit friends and family or take a break elsewhere. The last thing we expect is to become a victim of a data breach or digital theft. The post Traveling During the Holidays? Watch Out for These 3 Cybersecurity Dangers appeared first on Security Boulevard.

Honeypot experiment reveals what hackers want from IoT devices

Bleeping Computer

A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. [...]

IoT 120

The Best Twitter Cybersecurity Accounts You Should Follow [Updated 2021]

Heimdal Security

Security experts, researchers, and cyber enthusiasts abound on Twitter, eager to share their ideas, news, and research on information security, industry best practices, and the most recent dangers. If you’re using Twitter and want to stay on top of the biggest cybersecurity news out there, you may be asking which are the best accounts you […].

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Log4j Reveals Cybersecurity's Dirty Little Secret

Dark Reading

Once the dust settles on Log4j, many IT teams will brush aside the need for the fundamental, not-exciting need for better asset and application management.

Four Bugs in Microsoft Teams Left Platform Vulnerable Since March

Threatpost

Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack.

China suspends deal with Alibaba for not sharing Log4j 0-day first with the government

The Hacker News

China's internet regulator, the Ministry of Industry and Information Technology (MIIT), has suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months for failing to promptly report a critical security vulnerability affecting the broadly used Log4j logging library.

CISA releases a scanner to identify web services affected by Apache Log4j flaws

Security Affairs

US CISA release of a scanner for identifying web services affected by two Apache Log4j remote code execution vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of an open-source scanner for identifying web services impacted by Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046.

DNS 111

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Researchers Disclose Unpatched Vulnerabilities in Microsoft Teams Software

The Hacker News

Microsoft said it won't be fixing or is pushing patches to a later date for three of the four security flaws uncovered in its Teams business communication platform earlier this March.

Software 105

Log4J/Log4Shells Exploit Analysis (CVE-2021-44228)

Security Boulevard

As a follow up to our other blog post related to CVE-2021-44228, the Remote Code Execution (RCE) vulnerability affecting Apache Log4j, we wanted to go into analysis of a log4shells attack. Who is vulnerable? Basically, this vulnerability affects any apache web server using vulnerable versions (2.11.0 – 2.14.1) of the log4j logger. The list of…. The post Log4J/Log4Shells Exploit Analysis (CVE-2021-44228) appeared first on Infocyte.

A flaw in Microsoft Azure App Service exposes customer source code

Security Affairs

A vulnerability in the Microsoft Azure App Service led to the exposure of customer source code for at least four years. Early this month, Microsoft has notified a small group of Azure customers that have been impacted by a recently discovered bug, dubbed NotLegit, that exposed the source code of their Azure web apps since at least September 2017. The NotLegit vulnerability was likely exploited by threat actors in attacks in the wild.

Hacking 103

Details of new PYSA n Everest Ransomware

CyberSecurity Insiders

Britain-based data security firm NCC Group has released a report that most of the double extortion attacks launched in November 2021 were driven by PYSA ransomware aka Mespinoza. In an analysis related to malware rise, the NCC Group discovered that over 50% of infections were linked to PYSA that became dominant to other groups like Lockbit and Conti.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

NVIDIA discloses applications impacted by Log4j vulnerability

Bleeping Computer

NVIDIA has released a security advisory detailing what products are affected by the Log4Shell vulnerability that is currently exploited in a wide range of attacks worldwide. [...]

Facebook turns least trusted website in America over data and privacy

CyberSecurity Insiders

In a surprising revelation, over 72% of Americans stated they distrust Facebook and its management regarding data and privacy. Over 56% of Americans believe that the social media giant is causing a negative impact on the society. The Washington Post was the source that conducted the survey and stated that the populace of North America also distrusts other online service platforms, such as TikTok, WhatsApp and Instagram, with many suggesting a kind of restriction be placed on their usage from nex

Retail 101

Nearly 50% of People Will Abandon Sites Prohibiting Password Reuse

Dark Reading

A new study investigating consumer password use found 25% of online shoppers would abandon their carts of $100 if prompted to reset a password at checkout.

Passwords 106

Threat Intelligence and Protections Update Log4Shell CVE-2021-44228

McAfee

Threat Summary. Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote system. It is found in a heavily utilized java open-source logging framework known as log4j. The framework is widely used across millions of enterprise applications and therefore a lucrative target for threat actors to exploit.

Malware 98

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.