Microsoft touts first PCs to ship natively with secure Pluton chip.

Views expressed in this cybersecurity-cybercrime update are those of the reporters and correspondents.

Accessed on 13 January 2022, 1356 UTC.

Content supplied by “CSOonline.com.”

Source: https://www.csoonline.com/news-analysis/

News Analyses

CISA sees no significant harm from Log4j flaws but worries about future attacks

The U.S. cybersecurity agency can’t rule out that adversaries are using Log4j to gain persistent access to launch attacks later.

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk.

MITRE: To test and gain confidence in MSSPs, use ATT&CK framework

Companies have greater confidence in their own security teams than in MSSPs, according to a new survey. To better evaluate service provider capabilities, companies can apply techniques used by the ATT&CK (adversarial tactics,…

FTC, SEC raise legal risks surrounding the log4j flaw

The U.S. Federal Trade Commission also threatened possible legal action for companies that don’t address the risk from the Log4j vulnerabilities.

UK NCSC updates Cyber Essentials technical controls requirements and pricing structure

Technical controls update includes revisions surrounding the use of cloud services, multi-factor authentication, and password management. New pricing structure better reflects organisational size and complexity.

Security leaders on how to cope with stress of Log4j

The Log4j vulnerability puts great pressure on security teams already stretched thin dealing with ransomware and other attacks. This advice will help them cope.

VIDEO

What is the NIST Cybersecurity Framework? How risk management strategies can mitigate cyberattacks

Recently, U.S. Cyber Command confirmed it has acted against ransomware groups, underscoring the importance of cybersecurity to national security. Effective risk management frameworks, such as the NIST Cybersecurity Framework, can help…

Second Log4j vulnerability carries denial-of-service threat, new patch available

The fallout from the Apache Log4j vulnerability continues as researchers discover a second exploit that could lead to denial-of-service attacks. A patch is available to fix the issue.

Survey: Hackers approach staff to assist in ransomware attacks

Cyberattackers have approached employees in 48% of organizations in North America to assist in ransomware attacks, according to a report by Pulse and Hitachi ID.

Cybereason, Google Cloud launch XDR solution to streamline threat detection and response

New joint solution enhances ability to predict, detect, and respond to cyberattacks at scale across endpoints, networks, identities, cloud, and workspaces.

NIST gears up for software security and IoT labeling pilot programs

Intended to help consumers make more secure software and IoT device purchases, the labeling guidelines are voluntary and self-policing at this time.

Researchers warn about continuous abuse of unpatched MikroTik routers

Attackers are still exploiting unaddressed vulnerabilities in an estimated 300,000 MikroTik routers. A new tool will detect compromised devices.

Google disrupts major malware distribution network Glupteba

The botnet take-down is believed to be temporary as the criminal group has a backup command-and-control mechanism based on Bitcoin blockchain.

Critical flaw in ManageEngine Desktop Central MSP tool exploited in the wild

Each of two flaws allows attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.

U.S. Cyber Command’s actions against ransomware draw support and criticism

The actions, which temporarily took down REvil, raise questions about using the military to combat ransomware.

Ubiquiti breach an inside job, says FBI and DoJ

Investigators claim Ubiquiti employee Nikolas Sharp stole company data and then played the role of whistleblower to draw attention away from his actions.

UK ICO to fine Clearview AI £17 million for data protection law breaches

The facial recognition company is cited for not having proper data protection processes in place or a lawful reason to collect personal information, among other violations.

New HP MFP vulnerabilities show why you should update and isolate printers

Researchers have discovered two dangerous vulnerabilities in HP multifunction printers that use its FutureSmart firmware, including one that is exploitable remotely.

For the latest cybersecurity-cybercrime news and information, please check the blog sidebar and links.

Russ Roberts (https://cyber-security-intelligence.org).