Why Log4j mitigation is fraught with challenges.

Views expressed in this cybersecurity-intelligence update are those of the reporters and correspondents.

Accessed on 17 December 2021, 0418 UTC.

Content provided by https://www.darkreading.com

Source:  https://www.darkreading.com/

Please click link or scroll down to read your selections.

Latest News

Why Log4j Mitigation Is Fraught With Challenges

The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization’s own networks and systems.

Phorpiex Botnet Variant Spread Across 96 Countries

A new variant dubbed “Twizt” has hijacked 969 transactions and stolen the equivalent of nearly $500,000 USD.

Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft

Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.

Companies Must Assess Threats to AI & ML Systems in 2022: Microsoft

Most companies lack the proper tools to assess their vulnerability to threats facing their AI systems and ML pipelines, prompting Microsoft to release a risk assessment framework.

Dept. of Homeland Security Launches ‘Hack DHS’ Program

A new bug bounty program aims to find potential security flaws within certain DHS systems and strengthen the department’s security posture.

Meta Expands Bug-Bounty Program to Include Data Scraping

Scraping bugs and scraped databases are two new areas of research for the company’s bug-bounty and data-bounty programs.

Attackers Target Log4j to Drop Ransomware, Web Shells, Backdoors

Amid the increase in Log4j attack activity, at least one Iranian state-backed threat group is preparing to target the vulnerability, experts say.

Propane Gas Distributor Hit With Ransomware

North America-based Superior Plus “temporarily disabled” some of its systems in the wake of the attack.

Latest Commentary

Log4Shell: The Big Picture

A look at why this is such a tricky vulnerability and why the industry response has been good, but not great.

Dec 16, 2021

Dear Congress: It’s Complicated. Please Consider This When Crafting New Cybersecurity Legislation

As mandatory reporting bills work their way through the halls of Congress, what should businesses do to prepare for this pending legislation?

Dec 16, 2021

Privacy and Safety Issues With Facebook’s New ‘Metaventure’

With access to a user’s 3D model and full-body digital tracking, attackers can recreate the perfect replica of a C-level executive to trick employees.

Dec 15, 2021

Why Cloud Storage Isn’t Immune to Ransomware

Cloud security is a shared responsibility. which sometimes leads to security gaps and complexity in risk management.

Dec 15, 2021

Source Code Leaks: The Real Problem Nobody Is Paying Attention To

Source code is a corporate asset like any other, which makes it an attractive target for hackers.

Dec 14, 2021

Cybersecurity In-Depth

Go to The Edge

What Are the Pros and Cons of a SASE Architecture?
SASE is a promising and burgeoning networking architecture approach, but it’s not without some challenges.
NIST Cyber-Resiliency Framework Extended to Include Critical Infrastructure Controls
The latest NIST publication outlines how organizations can build systems that can anticipate, withstand, recover from, and adapt to cyberattacks.
Why Red Teaming While Black Can Be Risky
Penetration audits can be dangerous for people of color. Here is how to keep Black and brown cybersecurity professionals safe during red team engagements.

Tech News and Analysis

Go to DR Tech

Why Classifying Ransomware as a National Security Threat Matters
Government actions help starve attack groups of the resources – money, ability to recruit, and time.
New Firefox Sandbox Isolates Third-Party Libraries
RLBox can be used to protect web browsers and other software applications from vulnerabilities in subcomponents and libraries.
Remote Browser Isolation Stars in Content Protection Role
The entertainment industry has long had to deal with the challenge of protecting their high-value content and intellectual property. Enter remote browser isolation

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.  Thanks for joining us today.

Russ Roberts