Tue.Dec 14, 2021

article thumbnail

Webinar Recap: Results From the 2021 ACEDS and Hanzo Survey on the State of Collaboration Data and Corporate Readiness

Hanzo Learning Center

52
article thumbnail

Microsoft Patch Tuesday, December 2021 Edition

Krebs on Security

Microsoft , Adobe , and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this month’s Patch Tuesday is overshadowed by the “ Log4Shell ” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.

Libraries 297
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

SHARED INTEL: LogJ4 vulnerability presents a gaping attack vector companies must heed in 2022

The Last Watchdog

As we close out 2021, a gargantuan open-source vulnerability has reared its ugly head. Related: The case for ‘SBOM’ This flaw in the Apache Log4J logging library is already being aggressively probed and exploited by threat actors — and it is sure to become a major headache for security teams in 2022. “This vulnerability is so dangerous because of its massive scale.

Libraries 185
article thumbnail

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

Security Affairs

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability ( CVE-2021-44228 ) to deliver the new Khonsari ransomware on Windows machines. Experts warn that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

What are the benefits of cyber security as a service?

IT Governance

With organisations’ cyber security requirements becoming more complex and the threat of cyber attacks growing each year, many decision-makers are turning towards cyber security as a service. This approach, also known as managed cyber security, works by outsourcing cyber security to a third party. Organisations such as IT Governance that offer cyber security as a service assign dedicated experts to oversee the organisation’s data protection and data privacy needs.

Security 131

More Trending

article thumbnail

DHS announces its ‘Hack DHS’ bug bounty program

Security Affairs

The DHS has launched a new bug bounty program dubbed ‘Hack DHS’ to discover security vulnerabilities in external DHS systems. The Department of Homeland Security (DHS) has launched a new bug bounty program dubbed ‘Hack DHS’ that allows vetted white hat hackers to discover and report security vulnerabilities in external DHS systems.

IT 105
article thumbnail

Combat Misinformation by Getting Back to Security Basics

Dark Reading

One volley of fake news may land, but properly trained AI can shut down similar attempts at their sources.

Security 131
article thumbnail

Adobe addresses over 60 vulnerabilities in multiple products

Security Affairs

Adobe warns of threat actors that could exploit critical vulnerabilities in multiple products running on Windows and macOS systems. Adobe has issued critical warnings for more than 60 vulnerabilities in multiple products running on Windows and macOS machines. The vulnerabilities can be exploited by threat actors for code execution, privilege escalation and denial-of-service attacks.

Security 102
article thumbnail

Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit

Threatpost

It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug.

IT 101
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Google fixed the 17th zero-day in Chrome since the start of the year

Security Affairs

Google has released Chrome 96.0.4664.110 to address a high-severity zero-day vulnerability, tracked as CVE-2021-4102 , exploited in the wild. Google released security updates to address five vulnerabilities in the Chrome web browser, including a high-severity zero-day flaw, tracked as CVE-2021-4102 , exploited in the wild. The CVE-2021-4102 flaw is a use-after-free issue in the V8 JavaScript and WebAssembly engine, its exploitation could lead to the execution of arbitrary code or data corrup

article thumbnail

Attackers Target Log4J to Drop Ransomware, Web Shells, Backdoors

Dark Reading

Amid the increase in Log4J attack activity, at least one Iranian state-backed threat group is preparing to target the vulnerability, experts say.

article thumbnail

US CISA orders federal agencies to fix Log4Shell by December 24th

Security Affairs

US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. The order aims at preventing threat actors could exploit the vulnerability in attacks against government systems.

article thumbnail

Cisco's Ash Devata on Securing the Hybrid Workforce With Zero Trust

Dark Reading

Hybrid work is here to stay, and organizations can apply zero trust's three core principles to ensure a secure workforce, Devata says.

Security 104
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

On the Log4j Vulnerability

Schneier on Security

It’s serious : The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. From there they can load arbitrary code on the targeted server and install malware or launch other attacks.

IT 119
article thumbnail

Microsoft Patches Zero-Day Spreading Emotet Malware

Dark Reading

The December rollout includes 67 security patches and addresses one zero-day and five more publicly known vulnerabilities.

Security 104
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the RSA Conference 2022 in San Francisco on February 8, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia on June 3, 2022. The list is maintained on this page.

IT 86
article thumbnail

Launch Extended Detection and Response Steps to Manage Log4j Vulnerability

OpenText Information Management

Threat Hunts must include cloud, network, endpoint, log and email vectors Note: OpenText™ Security reports that there is no Log4j impact on its EnCase suite of products including EnCase Endpoint Investigator, EnCase Endpoint Security, EnCase Forensic, EnCase Information Assurance, EnCase Mobile Investigator, and Tableau Forensic. Top US cybersecurity officials have warned of the zero-day vulnerability … The post Launch Extended Detection and Response Steps to Manage Log4j Vulnerability app

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Tool Overload & Attack Surface Expansion Plague SOCs

Dark Reading

Security professionals are burning out from handling too many tools and facing a growing number of threats, and more than 40% see lack of leadership as the main problem.

Security 109
article thumbnail

Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery

Threatpost

December's Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities.

article thumbnail

Tufin Introduces Security Policy Builder (SPB) App to Marketplace

Dark Reading

Automates security policy design to ensure compliance and reduce likelihood of breach announcing significant updates to other marketplace apps.

article thumbnail

What the Log4Shell Bug Means for SMBs: Experts Weigh In

Threatpost

An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what's vulnerable, what an attack looks like and to how to remediate.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

John Mancini starts a new research project around Microsoft 365

IG Guru

Check out the link on LinkedIn here. The post John Mancini starts a new research project around Microsoft 365 appeared first on IG GURU.

article thumbnail

Source Code Leaks: The Real Problem Nobody Is Paying Attention To

Dark Reading

Source code is a corporate asset like any other, which makes it an attractive target for hackers.

IT 88
article thumbnail

Building Information Modeling (BIM) – Why Its Time Has Come

OpenText Information Management

A slow start While construction technology itself has made incredible advances since the industrial revolution, the management and planning side of the equation has notoriously lagged behind. But that’s changed in recent years, in large part due to the growing adoption of Building Information Modeling (BIM) standards. BIM is the process of creating and managing … The post Building Information Modeling (BIM) – Why Its Time Has Come appeared first on OpenText Blogs.

IT 62
article thumbnail

400 Banks’ Customers Targeted with Anubis Trojan

Threatpost

The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Ransomware Hits Virginia Legislative Agencies

Dark Reading

The attack forced a shutdown of computer systems and websites for Virginia legislative agencies and commissions, reports state.

article thumbnail

How to Buy Precious Patching Time as Log4j Exploits Fly

Threatpost

Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed.

IT 64
article thumbnail

Janet Kiehart – Synergis Founder and Strategic Account Manager

Synergis Software

In December, we’re highlighting another one of our beloved company founders, Janet Kiehart. Janet, along with Bill Stamp and David Sharp, founded the company in 1984. In our early years, Synergis was one of the first Autodesk resellers, and so Janet was one of the first salespeople to sell AutoCAD in the mid-Atlantic region. Although Janet is no longer selling AutoCAD directly, she is very fondly remembered by her customers in the region who often inquire about her and want to know what she’s up

52