CISA issues Emergency Directive On Log4j.

Views expressed in this cyber-intelligence update are those of the reporters and correspondents.

Accessed on 18 December 2021, 1418 UTC.

Content supplied by “DarkReading.com.”

Source:  https://www.darkreading.com/

Please click link or scroll down to read your selections.


Latest News

Meta Acts Against 7 Entities Found Spying on 50,000 Users

The parent company of Facebook and Instagram has warned some 50,000 account holders they are targets of surveillance.


PseudoManuscrypt Malware Targeted Government & ICS Systems in 2021

The “PseudoManuscrypt” operation infected some 35,000 computers with cyber-espionage malware and targeted computers in both government and private industry.



CISA Issues Emergency Directive on Log4j

The Cybersecurity Infrastructure and Security Agency orders federal agencies to take actions to mitigate vulnerabilities to the Apache Log4j flaw and attacks exploiting it.


Why Log4j Mitigation Is Fraught With Challenges

The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization’s own networks and systems.


Phorpiex Botnet Variant Spread Across 96 Countries

A new variant dubbed “Twizt” has hijacked 969 transactions and stolen the equivalent of nearly $500,000 USD.


Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft

Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.


Companies Must Assess Threats to AI & ML Systems in 2022: Microsoft

Most companies lack the proper tools to assess their vulnerability to threats facing their AI systems and ML pipelines, prompting Microsoft to release a risk assessment framework.


Dept. of Homeland Security Launches ‘Hack DHS’ Program

A new bug bounty program aims to find potential security flaws within certain DHS systems and strengthen the department’s security posture.


Latest Commentary

Timely Questions for Log4j Response Now — And for the Future

EXPERT INSIGHT: How to assess your exposure to the vulnerability with a combination of asset inventory, testing, solid information sources, and software bills of materials (SBOMs).

Dec 17, 2021


Is Data Security Worthless if the Data Life Cycle Lacks Clarity?

If you cannot track, access, or audit data at every stage of the process, then you can’t claim your data is secure.

Dec 17, 2021



Log4Shell: The Big Picture

A look at why this is such a tricky vulnerability and why the industry response has been good, but not great.

Dec 16, 2021


Dear Congress: It’s Complicated. Please Consider This When Crafting New Cybersecurity Legislation

As mandatory reporting bills work their way through the halls of Congress, what should businesses do to prepare for this pending legislation?

Dec 16, 2021


Privacy and Safety Issues With Facebook’s New ‘Metaventure’

With access to a user’s 3D model and full-body digital tracking, attackers can recreate the perfect replica of a C-level executive to trick employees.

Dec 15, 2021



Cybersecurity In-Depth

Go to The Edge

How Risky Is the Log4J Vulnerability?
Security teams around the world are on high alert dealing with the Log4j vulnerability, but how risky is it, really?
Executive Partnerships Are Critical for Cybersecurity Success
One leader alone can’t protect an organization from cyber threats, C-suite leaders agree.
What Are the Pros and Cons of a SASE Architecture?
SASE is a promising and burgeoning networking architecture approach, but it’s not without some challenges.

Tech News and Analysis

Go to DR Tech

Why Classifying Ransomware as a National Security Threat Matters
Government actions help starve attack groups of the resources – money, ability to recruit, and time.
New Firefox Sandbox Isolates Third-Party Libraries
RLBox can be used to protect web browsers and other software applications from vulnerabilities in subcomponents and libraries.
Remote Browser Isolation Stars in Content Protection Role
The entertainment industry has long had to deal with the challenge of protecting their high-value content and intellectual property. Enter remote browser isolation (RBI).

 

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.  Thanks for joining us today.

Russ Roberts

https://cyber-security-intelligence.org