Fri. Dec 10, 2021

Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool

Dark Reading

A remote code execution vulnerability in Log4j presents a bigger threat to organizations than even the infamous 2017 Apache Struts vulnerability that felled Equifax, they say.

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

Security Affairs

Experts publicly disclose proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked as CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library.

Apache Log4j Zero Day Exploit Puts Large Number of Servers at Severe Risk

eSecurity Planet

A critical vulnerability in the open-source logging software Apache Log4j 2 is fueling a chaotic race in the cybersecurity world, with the Apache Software Foundation (ASF) issuing an emergency security update as bad actors searched for vulnerable servers. Log4j 2, developed by the ASF, is a widely used Java package that enables logging in an array of popular applications.

Volvo Cars suffers a data breach. Is it a ransomware attack?

Security Affairs

Swedish automotive manufacturer Volvo Cars revealed that it has suffered a cyberattack that resulted in the theft of R&D data from its systems. In 2010, Volvo Cars became a subsidiary of the Chinese manufacturer Geely Holding Group, which confirmed that it “has become aware that one of its file repositories has been illegally accessed by a third party.” “Investigations so far confi

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack

Threatpost

The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”

More Trending

NIST Cyber-Resiliency Framework Extended to Include Critical Infrastructure Controls

Dark Reading

The latest NIST publication outlines how organizations can build systems that can anticipate, withstand, recover from, and adapt to cyberattacks.

Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites

Threatpost

Cyberattackers are targeting security vulnerabilities in four plugins plus Epsilon themes, to assign themselves administrative accounts.

Dark Reading Reflects on a Legacy and Life Well-Written: Tim Wilson

Dark Reading

The Dark Reading editorial team, along with contributing writers and editors, share their favorite stories and memories of co-founder and editor-in-chief Tim Wilson, an influential editor and well-respected thought leader in the cybersecurity industry.

A Log4J Vulnerability Has Set the Internet 'On Fire'

WIRED Threat Level

The flaw in the logging framework has security teams scrambling to put in a fix.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

The Vulnerability Lag: Cut Ransomware Risks Resulting From Digital Transformation

Dark Reading

Exploring ransomware and other data integrity risks from accelerated digital transformation in the wake of COVID-19.

Russia’s Internet Censorship Machine Is Going After Tor

WIRED Threat Level

The attempt to block the site, which helps users mask their online activity, is the latest step in the country's efforts to control the internet.

BlackCat ransomware, a very sophisticated malware written in Rust

Security Affairs

BlackCat is the first professional ransomware strain that was written in the Rust programming language, researchers reported. Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional ransomware strain that was written in the Rust programming language. There is a very interesting new Rust coded ransomware (first ITW?

Next-Gen Maldocs & How to Solve the Human Vulnerability

Threatpost

Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Identity Authentication Access Market Set to Hit $28.9B in 2021

Dark Reading

With more staff working remotely, identity, authentication, and access (IAA) has never been more important. Market forecasts, drivers, and trends are explored.

1.6 million WordPress sites targeted in the last couple of days

Security Affairs

Wordfence researchers spotted a massive wave of attacks in the last couple of days that targeted over 1.6 million WordPress sites from 16,000 IPs. “Today, on December 9, 2021, our Threat Intelligence team noticed a drastic uptick in attacks targeting vulnerabilities that make it possible for attackers to update arbitrary options on vulnerable sites.

‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware

Threatpost

The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.

Australian ACSC warns of Conti ransomware attacks against local orgs

Security Affairs

The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks against multiple Australian organizations from various sectors since November. “The ACSC is aware of multiple instances of Australian organisations that have been impacted by Conti ransomware in November and December 2021.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

CompTIA to launch new Data+ Certification early 2022

IG Guru

CompTIA Data+ will launch in Q1 2022. CompTIA Data+ gives you the confidence to bring data analysis to life. As the importance of data analytics grows, more job roles are required to set context and better communicate vital business intelligence. Collecting, analyzing, and reporting on data can drive priorities and lead business decision-making. CompTIA Data+ validates […].

What to Do While Waiting for the Log4J Updates

Dark Reading

This Tech Tip outlines how enterprise defenders can mitigate the risks of the Log4j vulnerabilities for the short-term while waiting for updates.

‘Appalling’ Riot Games Job Fraud Takes Aim at Wallets

Threatpost

Scammers are using fake job listings to empty the wallets of young, hopeful victims looking to break into the gaming industry.

New Firefox Sandbox Isolates Third-Party Libraries

Dark Reading

RLBox can be used to protect web browsers and other software applications from vulnerabilities in subcomponents and libraries.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Catching Threats in Minutes, Not Days with OpenText MDR – Part 2

OpenText Information Management

We continue the conversation with Fabian Franco, Senior Manager of Digital Forensic Incident Response (DFIR), Threat Hunting and Security Operations, OpenText, and Kevin Golas, Director of Worldwide Cyber Security Services, OpenText as they share their thoughts on how organizations can benefit from a managed detection and response solution and improve their post-breach response.

Russian National Sentenced for Role in Kelihos Botnet

Dark Reading

Oleg Koshkin was sentenced for running a crypting service used to hide the Kelihos malware from antivirus software.

Reltio Named a Leader in the 2021 Forrester Wave™ Report for MDM

Reltio

Your data fuels your business and your digital transformation. Your ability to run a digital business and make insightful decisions depends heavily on how well you manage your core data. Yet, these days with the proliferation of apps and data stores across cloud and on-premises environments, managing your data is not a trivial task. At Reltio, we know what is at stake and what type of simplifications and sophisticated data practices customers require to accelerate value from their data.

Episode 231: Solving the US’s Endemic Cybersecurity Worker Shortage

The Security Ledger

Rodney Petersen, the director of the National Initiative for Cybersecurity Education (NICE), talks about the massive shortage of information security workers in the United States, estimated at more than 400,000 workers.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Friday Squid Blogging: The Far Side Squid Comic

Schneier on Security

The Far Side is always good for a squid reference. Here’s a recent one. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.