In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.
No matter the root cause, the result is the same: reputation damage, fines, compliance issues, and of course the ripple effects that extend outward from a breach.
We began last January with the realization that we have met a new and far more difficult class of cyber threat with the SolarWinds attack followed by the Colonial Pipeline attack in May. Both point to a fully wired world where physical and digital are colliding at unprecedented speeds.
If we had to choose a theme...
Microsoft released its first rollout of 2022 patches that covers 96 new CVEs, plus 24 CVEs patched by Microsoft Edge (Chromium-based) earlier this month and two other CVEs fixed previously in open-source projects. This makes a January total of 122 CVEs. Nine are rated critical in severity.
Attackers wielding Night Sky ransomware are among the latest groups that have been attempting to exploit critical vulnerabilities in widely used Apache Log4j software. Microsoft says that among other attacks, a China-based ransomware operator has been exploiting Log4j flaws in VMware Horizon.
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
A security researcher in Germany says he's discovered a software flaw affecting a small number of Teslas, allowing him to unlock doors and windows, start vehicles without keys and disable security systems. The flaw, however, does not affect steering, acceleration or braking.
Kerissa Varma, managing executive for cybersecurity at Vodacom, a South African-based mobile communications company, says simulation is the key to a good incident response plan. She discusses her cybersecurity priorities for 2022.
Cybersecurity in today's world is no longer primarily about the implementation of products or solutions. It is more about the analysis of behavior and the ecosystem. Krishnamurthy Rajesh of ICRA discusses the role of artificial intelligence and the need for collaboration among business functions.
The U.S. Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency warn in a joint advisory that state-sponsored Russian attackers are actively exploiting and seeking to cause disruption to critical infrastructure, and it urges defenders to mitigate commonly seen attack vectors.
The Cyberspace Administration of China's new regulation for companies that offer algorithm-based recommendation services has been met with caution. Some statements in the regulation, which is to go into effect on March 1, are vague enough to be abused, and confidentiality is also a concern.
Top U.S. cybersecurity leaders continue to warn against the peril of Apache Log4j vulnerabilities, confirming on Monday that hundreds of millions of devices worldwide are likely affected by the logging utility flaw, although the response, in terms of scope and speed, has been "exceptional."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.
