Security leaders on how to cope with stress of Log4j.
Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.
Accessed on 30 December 2021, 1405 UTC.
Content provided by “CSOonline.com.”
Please click link or scroll down to read your selections.
The fallout from the Apache Log4j vulnerability continues as researchers discover a second exploit that could lead to denial-of-service attacks. A patch is available to fix the issue.
Cyberattackers have approached employees in 48% of organizations in North America to assist in ransomware attacks, according to a report by Pulse and Hitachi ID.
New joint solution enhances ability to predict, detect, and respond to cyberattacks at scale across endpoints, networks, identities, cloud, and workspaces.
Intended to help consumer make more secure software and IoT device purchases, the labeling guidelines are voluntary and self-policing at this time.
Attackers are still exploiting unaddressed vulnerabilities in an estimated 300,000 MikroTik routers. A new tool will detect compromised devices.
The botnet take-down is believed to be temporary as the criminal group has a backup command-and-control mechanism based on Bitcoin blockchain.
Each of two flaws allow attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.
The actions, which temporarily took down REvil, raise questions about using the military to combat ransomware.
Investigators claim Ubiquiti employee Nikolas Sharp stole company data and then played the role of whistleblower to draw attention away from is actions.
The facial recognition company is cited for not having proper data protection processes in place or a lawful reason to collect personal information, among other violations.
Researchers have discovered two dangerous vulnerabilities in HP multifunction printers that use its FutureSmart firmware, including one that is exploitable remotely.
Continuity Software analyzed systems from businesses in multiple industry sectors in the US, Europe, and Middle East, finding that storage system security lags behind compute and network security.
Experts at a NIST-sponsored workshop weigh in on what might be in the final version of the Biden executive-order-mandated supply chain security guidelines.
Unlike other groups, Void Balaur will target individuals and organizations in Russian-speaking countries and seems to have intimate knowledge of telecom systems.
Research reveals that countries such as Belarus, India, and Colombia are responsible for significant cyberattacks.
Cybersecurity firm SEON has come up with a snapshot of how the threat of cybercrime differs around the world, ranking countries that are most and least vulnerable.
The NUCLEUS:13 vulnerabilities can allow remote code execution or denial of service attacks. Billions of devices could be affected.
Some of the 14 vulnerabilities could result in remote code execution or denial of service attacks.
For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.
Russ Roberts (https://cyber-security-intelligence.org).