Supply chain attacks show why you should be wary of third-party providers.
Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.
Accessed on 03 January 2021, 1157 UTC.
Content provided by “CSOonline.com.”
The Log4j vulnerability puts great pressure on security teams already stretched thin dealing with ransomware and other attacks. This advice will help them cope.
The fallout from the Apache Log4j vulnerability continues as researchers discover a second exploit that could lead to denial-of-service attacks. A patch is available to fix the issue.
Cyberattackers have approached employees in 48% of organizations in North America to assist in ransomware attacks, according to a report by Pulse and Hitachi ID.
New joint solution enhances ability to predict, detect, and respond to cyberattacks at scale across endpoints, networks, identities, cloud, and workspaces.
Intended to help consumers make more secure software and IoT device purchases, the labeling guidelines are voluntary and self-policing at this time.
The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it.
Attackers are still exploiting unaddressed vulnerabilities in an estimated 300,000 MikroTik routers. A new tool will detect compromised devices.
VMware’s Carbon Black Cloud Managed Detection and Response (MDR) is designed to help company security operations centers (SOCs) gain efficiency with improved threat advisory and containment.
McAfee is integrating FireEye Helix with AWS’ Inspector cloud security tool, to allow companies to more easily apply behavior analysis and machine learning techniques to risk detection for cloud workload data.
The botnet take-down is believed to be temporary as the criminal group has a backup command-and-control mechanism based on the Bitcoin blockchain.
Each of two flaws allows attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.
The actions, which temporarily took down REvil, raise questions about using the military to combat ransomware.
Investigators claim Ubiquiti employee Nikolas Sharp stole company data and then played the role of whistleblower to draw attention away from his actions.
The facial recognition company is cited for not having proper data protection processes in place or a lawful reason to collect personal information, among other violations.
Researchers have discovered two dangerous vulnerabilities in HP multifunction printers that use its FutureSmart firmware, including one that is exploitable remotely.
Continuity Software analyzed systems from businesses in multiple industry sectors in the US, Europe, and Middle East, finding that storage system security lags behind compute and network security.
Experts at a NIST-sponsored workshop weigh in on what might be in the final version of the Biden executive-order-mandated supply chain security guidelines.
Unlike other groups, Void Balaur will target individuals and organizations in Russian-speaking countries and seems to have intimate knowledge of telecom systems.