Hawaii Cybersecurity Digest

Latest trends in cybersecurity, cybercrime, cyberwar, and information security.

Cyber Crime, Cyber Intelligence, Cyber Security, Cyber War, Information Security

CSO Security News and Features

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps.

Views expressed in this cybersecurity-intelligence update are those of the reporters and correspondents.

Accessed on 12 December 2021, 2344 UTC.

Content supplied by https://www.csoonline.com/

Source:  https://www.csoonline.com/

Please click link or scroll down to read your selections.

Copy generated by “Reader Mode.”


Abstract Java code

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

Penetration testing explained: How ethical hackers simulate attacks

Penetration testing is a means of evaluating the security of a network or computer system by attempting to break into it. It is an exercise undertaken by professional pen testers (aka ethical hackers) with the permission of the…

Top cybersecurity M&A deals for 2021

The cybersecurity market is hot, and vendors are buying competitors to solidify their position or acquiring other firms to expand their offerings.

Researchers warn about continuous abuse of unpatched MikroTik routers

Attackers are still exploiting unaddressed vulnerabilities in an estimated 300,000 MikroTik routers. A new tool will detect compromised devices.

VMware launches Carbon Black Cloud MDR to bolster SOC efficiency

VMware’s Carbon Black Cloud Managed Detection and Response (MDR) is designed to help company security operations centers (SOCs) gain efficiency with improved threat advisory and containment.

McAfee, FireEye offer integration with AWS for cloud workload security

McAfee is integrating FireEye Helix with AWS’ Inspector cloud security tool, to allow companies to more easily apply behavior analysis and machine learning techniques to risk detection for cloud workload data.

Google disrupts major malware distribution network Glupteba

The botnet take-down is believed to be temporary as the criminal group has a backup command-and-control mechanism based on Bitcoin blockchain.

Your Microsoft network is only as secure as your oldest server

It’s time to inventory your network to identify systems to replace or migrate away from.

How CISOs can drive the security narrative

If you want people to follow proper security practices, they need to understand why. That’s best done by telling a good story.

Critical flaw in ManageEngine Desktop Central MSP tool exploited in the wild

Each of two flaws allow attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.

Collect today, decrypt tomorrow: How Russia and China are preparing for quantum computing

All encrypted data will eventually become vulnerable to quantum computing along with the secrets they hold.

U.S. Cyber Command’s actions against ransomware draw support and criticism

The actions, which temporarily took down REvil, raise questions about using the military to combat ransomware.

Ubiquiti breach an inside job, says FBI and DoJ

Investigators claim Ubiquiti employee Nikolas Sharp stole company data and then played the role of whistleblower to draw attention away from is actions.

A security practitioner’s take on CISA’s Incident and Vulnerability Response Playbooks

The new CISA playbooks provide sound guidance on incident and vulnerability response, but mainly from a process perspective.

Malware variability explained: Changing behavior for stealth and persistence

More malware is designed to be variable, choosing which computers to infect or even the type of attack to execute.

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts. Thanks for joining us today.

Russ Roberts


Leave a Reply Cancel reply