Mon. Dec 13, 2021


ROUNDTABLE: Cybersecurity experts reflect on 2021, foresee intensifying challenges in 2022

The Last Watchdog

Privacy and cybersecurity challenges and controversies reverberated through all aspects of business, government and culture in the year coming to a close. Last Watchdog sought commentary from technology thought leaders about lessons learned in 2021, and guidance heading into 2022. More than two dozen experts participated.


Cybersecurity ‘Vaccines’ Emerge as Ransomware, Vulnerability Defense

eSecurity Planet

Cybersecurity vaccines are emerging as a new tool to defend against threats like ransomware and zero-day vulnerabilities. Cybersecurity firms have released “vaccines” in recent days to protect against the widely used STOP ransomware strain and the new Apache Log4Shell vulnerability. Germany-based G Data CyberDefense released software designed to trick the STOP ransomware variant into believing that a targeted system has already been compromised and keeping it from encrypting files af


Kronos Ransomware Outage Drives Widespread Payroll Chaos

Threatpost

Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking.


Log4Shell Exploitation Grows as Cybersecurity Firms Scramble to Contain Threat

eSecurity Planet

Cybercriminals are quickly ramping up efforts to exploit the critical flaw found in the widely used Log4j open-source logging tool, targeting everything from cryptomining to data theft to botnets that target Linux systems. The cybersecurity community is responding with tools for detecting exploitation of the vulnerability, a remote code execution (RCE) flaw dubbed Log4Shell and tracked as CVE-2021-44228.


Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.


Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

Threat actors are already abusing the Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. The attempts were carried out by Muhstik and Mirai botnets in attacks aimed at Linux devices.


More Trending


Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Security Affairs

Boffins discovered bugs in WiFi chips that can be exploited to extract passwords and manipulate traffic by targeting a device’s Bluetooth component. A group of researchers from the University of Darmstadt, University of Brescia, CNIT, and the Secure Mobile Networking Lab, have discovered security vulnerabilities in WiFi chips that can be exploited to extract passwords and manipulate traffic on a WiFi chip by targeting a device’s Bluetooth component.


XDR: What It Is, What It Isn't

Dark Reading

The three must-haves in eXtended Detection and Response are: making data accessible, facilitating real-time threat detection, and providing remediation strategies.


CVE-2021-44228: Critical vulnerability in Apache Log4j library

Outpost24

Florian Barre, 13.Dec.2021 (Mon, 12/13/2021 - 05:57), Full-Stack Security. On 9 December the Apache Software Foundation (ASF) issued an emergency update for a critical zero-day vulnerability, CVE-2021-44228, in the widely used open-source logging tool Log4j, which is included in almost every Java application, with evidence suggesting that hackers are already actively exploiting the vulnerability.


TinyNuke banking malware targets French organizations

Security Affairs

The TinyNuke malware is back and was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. The attackers used invoice-themed lures targeting entities in manufacturing, industry, technology, finance, and other verticals.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


Name That Toon: Modern-Day Frosty

Dark Reading

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.


CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog

Security Affairs

The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet FortiOS issues. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including recently disclosed Apache Log4Shell Log4j and Fortinet FortiOS flaws.


Log4Shell Is Spawning Even Nastier Mutations

Threatpost

The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.


How Do I Find My Servers With the Log4j Vulnerability?

Dark Reading

This Tech Tip outlines how enterprises can use Canarytokens to find servers in their organization vulnerable to CVE-2021-44228.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


CISA Shields Up: How to prepare for the Russia-Ukraine cybersecurity hazard

Outpost24

Florian Barre, 13.Feb.2022 (Mon, 12/13/2021 - 05:57), Full-Stack Security. CISA issues ‘Shields Up’ alert to warn US companies about potential Russian hacking attempts to disrupt essential services and critical infrastructure as the Russia-Ukraine crisis escalates. Get ahead of the situation with essential information.


Why Classifying Ransomware as a National Security Threat Matters

Dark Reading

Government actions help starve attack groups of the resources - money, ability to recruit, and time.


A Data Security Nightmare Before Christmas

Thales Cloud Protection & Licensing

divya, Tue, 12/14/2021 - 05:11. Once upon a time no one had to worry about who had access to their organization’s data. There were few, if any, data-dependent businesses, and for those that were data-dependent, the world was a safe place of static systems that were disconnected from the world in which real people lived.


40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j

Dark Reading

More than 60 variants of the original exploit were introduced over the last day alone.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Canada Charges Its “Most Prolific Cybercriminal” via Krebs on Security

IG Guru



Volvo Confirms R&D Data Stolen in Breach

Dark Reading

The company confirmed last week that one of its file repositories was accessed by a third party.


Malicious PyPI Code Packages Rack Up Thousands of Downloads

Threatpost

The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.


The Log4J Vulnerability Will Haunt the Internet for Years

WIRED Threat Level

Hundreds of millions of devices are likely affected.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


Bug-Bounty Programs Shift Focus to Most Critical Flaws

Dark Reading

The number of bug bounty programs jumped by a third, the median payout for a critical vulnerability report rose to $3,000, but rewards for easier-to-find lower-severity flaws stagnated in 2021.


Cyber Authorities Sound The Alarm On Critical Vulnerability In Java Library

Data Protection Report

On December 9, 2021 a critical vulnerability (CVE-2021-44228) was reported within the Apache Log4j Java logging framework. The vulnerability allows threat actors to remotely execute code on both on-premises and cloud-based application servers, thereby obtaining control of the impacted servers. This is a critical vulnerability of very high significance to government and industry groups.


Kronos Suffers Ransomware Attack, Expects Full Restoration to Take 'Weeks'

Dark Reading

Customers advised to adopt alternative internal processes to support the affected human resources services.


Where the Latest Log4Shell Attacks Are Coming From

Threatpost

Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Darktrace Reports Information Technology and Communications Sector Most Targeted by Cyberattackers in 2021

Dark Reading

Most targeted industry shifts from the financial and insurance sector in 2020.


Micro Focus Response on “Log4j” Compromise

Micro Focus

Micro Focus is taking immediate action to analyze and to remediate, where appropriate, Common Vulnerabilities and Exposures (CVE-2021-44228 / Log4j also known as Logshell / Logjam), a reported vulnerability in the Apache Log4j open-source component that allows Remote Code Execution. Using the Remote Code Execution an attacker can potentially run malicious code that can perform unauthorized.


Kaspersky Opens Doors to New Transparency Center in North America

Dark Reading

The opening marks the fifth center opened globally, fulfilling a key milestone within the Global Transparency Initiative.
