A data breach at Volvo Cars involving intellectual property theft highlights the need for identity and access management and deployment of next-gen cybersecurity measures, such as automotive security operations centers, or ASOCs, some experts say.
CISA, the FBI, the NSA and several of their international law enforcement partners have issued a joint advisory on the known vulnerabilities in the Apache Log4j software library urging "any organization using products with Log4j to mitigate and patch immediately."
An authentication bypass vulnerability in Zoho's widely used unified endpoint management tool, ManageEngine Desktop Central, is being used by advanced persistent threat actors to gain remote access permissions, the FBI says.
Since mid-December, enterprises globally have been responding to the urgency of the Apache Log4j zero-day vulnerability. John Ayers of Optiv discusses Optiv MXDR and how it helps customers detect, respond and provide visibility to protect from potential exploits.
A week after announcing a new bug bounty program called "Hack DHS," U.S. Department of Homeland Security Secretary Alejandro Mayorkas announced that DHS is expanding the scope of the program to include finding and patching Log4j-related vulnerabilities in the systems.
Microsoft is urging customers to apply patches issued in November for two Active Directory domain controller bugs following publication of a proof-of-concept tool that leverages these bugs, which when chained can allow easy Windows domain takeover.
Michael Lines is working with Information Security Media Group to promote awareness of the need for cyber risk management, and as a part of that initiative, the CyberEdBoard will post draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This post's chapter is...
The Log4j vulnerability has underscored once again the widespread dependence on open-source software projects and the lurking risks. Patrick Dwyer of OWASP says such projects deserve more resources to avoid major security vulnerabilities.
The Belgian Ministry of Defense, which is responsible for national defense and the Belgian military, announced on Monday that it has fallen victim to a cyberattack officials say relates to the widespread Apache Log4j vulnerability. The attack "paralyzed the ministry's activities for several days."
Cyber GRX senior director and CyberEdBoard executive member Peter Gregory discusses data everyone has that is an asset, but also a liability - your contact list - and how to decrease your chances of it turning toxic.
A Trojanized malicious software known as "Joker" malware has made a comeback and was detected in a Google Play app downloaded more than 500,000 times, researchers say. Found this time on an app called Color Message, Joker had the ability to go undetected for long periods of time.
A top U.S. Department of the Treasury official said financial regulators are prepared to extend existing authorities to rein in stablecoins, although Treasury officials hope instead that Congress will move on key legislation to regulate the space.
Apache has released Log4j version 2.17 to fix yet another high-severity denial-of-service vulnerability - tracked as CVE-2021-45105 with a CVSS score of 7.5 - that affects all versions from 2.0-beta9 to 2.16.0.
Multiple new attacks exploiting the explosive Apache Log4j vulnerabilities have been uncovered, including a newly discovered JavaScript WebSocket attack, threat actors injecting Monero miners via Remote Method Invocation and the comeback of an old and relatively inactive ransomware family.
In an emergency directive issued on Friday regarding the explosive Apache Log4j vulnerabilities, CISA has required federal civilian departments and agencies to assess their internet-facing network assets and immediately patch the systems or implement appropriate mitigation measures.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.