CISA, the FBI, the NSA and several of their international law enforcement partners have issued a joint advisory on the known vulnerabilities in the Apache Log4j software library urging "any organization using products with Log4j to mitigate and patch immediately."
An authentication bypass vulnerability in Zoho's widely used unified endpoint management tool, ManageEngine Desktop Central, is being used by advanced persistent threat actors to gain remote access permissions, the FBI says.
A week after announcing a new bug bounty program called "Hack DHS," U.S. Department of Homeland Security Secretary Alejandro Mayorkas announced that DHS is expanding the scope of the program to include finding and patching Log4j-related vulnerabilities in the systems.
DMARC, SPF, and DKIM are global anti-domain-spoofing standards, which can significantly cut down on phishing attacks. Implemented correctly they allow you to monitor email traffic, quarantine suspicious emails, and reject unauthorized emails. But less than 30% of organizations are actually using them. And even fewer...
The Log4j vulnerability has underscored once again the widespread dependence on open-source software projects and the lurking risks. Patrick Dwyer of OWASP says such projects deserve more resources to avoid major security vulnerabilities.
The Belgian Ministry of Defense, which is responsible for national defense and the Belgian military, announced on Monday that it has fallen victim to a cyberattack officials say relates to the widespread Apache Log4j vulnerability. The attack "paralyzed the ministry's activities for several days."
The banking and financial services sector is the single most important target for cybercriminals. Banks and financial institutions safeguard incredibly sensitive data of users and employees alike, and data breaches can be costly both in terms of leaked data and financial penalties incurred. Cybercriminals constantly...
An Indian joint parliamentary committee has reintroduced set penalties for data violations after yielding to opposition demands. Some cyber law experts still believe it is unlikely organizations will be heavily penalized owing to deficiencies in the country's legal procedures.
For anyone hoping to celebrate the decline and fall of ransomware by year's end, think again. While some notable operations have bowed out - at least in name - threat intelligence firm Intel 471 warns that newcomers now account for the majority of attacks, and attack volume is "still on the rise."
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including mitigating the Apache Log4j zero-day vulnerability, findings from a new report analyzing the Conti ransomware attack on Ireland's Health Services Executive and President Biden's drive to...
The latest edition of the ISMG Security Report features an analysis of the Log4j security flaw, including the risks and mitigation techniques, how to patch Log4j, and CISO Dawn Cappelli on Log4j response.
Ransomware attackers commonly bypass traditional email gateways,
targeting people directly to gain access to a company’s systems.
The answer? Replace these porous controls with a people-centric
security strategy, says Matt Cooke of Proofpoint.
Download this eBook to learn more about:
How ransomware attackers...
The new U.K cyber strategy calls for a balanced partnership across the public, private and third sectors. The government is to provide a 2.6 billion-pound investment in a more proactive approach to fostering and protecting the U.K.’s competitive advantage critical cyber technologies.