CISA issues Emergency Directive On Log4j.
Views expressed in this cyber-intelligence update are those of the reporters and correspondents.
Accessed on 18 December 2021, 1418 UTC.
Content supplied by “DarkReading.com.”
Dec 17, 2021
The parent company of Facebook and Instagram has warned some 50,000 account holders they are targets of surveillance.
The “PseudoManuscrypt” operation infected some 35,000 computers with cyber-espionage malware and targeted computers in both government and private industry.
The Cybersecurity and Infrastructure Security Agency orders federal agencies to take actions to mitigate vulnerabilities to the Apache Log4j flaw and attacks exploiting it.
The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization’s own networks and systems.
A new variant dubbed “Twizt” has hijacked 969 transactions and stolen the equivalent of nearly $500,000 USD.
Organizations should upgrade ASAP to the new version of the logging framework released Tuesday by the Apache Foundation, security experts say.
Most companies lack the proper tools to assess their vulnerability to threats facing their AI systems and ML pipelines, prompting Microsoft to release a risk assessment framework.
A new bug bounty program aims to find potential security flaws within certain DHS systems and strengthen the department’s security posture.
Timely Questions for Log4j Response Now — And for the Future
EXPERT INSIGHT: How to assess your exposure to the vulnerability with a combination of asset inventory, testing, solid information sources, and software bills of materials (SBOMs).
Is Data Security Worthless if the Data Life Cycle Lacks Clarity?
If you cannot track, access, or audit data at every stage of the process, then you can’t claim your data is secure.
Log4Shell: The Big Picture
A look at why this is such a tricky vulnerability and why the industry response has been good, but not great.
Dear Congress: It’s Complicated. Please Consider This When Crafting New Cybersecurity Legislation
As mandatory reporting bills work their way through the halls of Congress, what should businesses do to prepare for this pending legislation?
Privacy and Safety Issues With Facebook’s New ‘Metaventure’
With access to a user’s 3D model and full-body digital tracking, attackers can recreate the perfect replica of a C-level executive to trick employees.