Sat.Dec 18, 2021 - Fri.Dec 24, 2021

Lights Out: Cyberattacks Shut Down Building Automation Systems

Dark Reading

Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them

Patch these 2 Active Directory flaws to prevent the takeover of Windows domains

Security Affairs

Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of Windows domains.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Log4j vulnerability explained and how to respond

OpenText Information Management

On December 10th, warnings of the zero-day vulnerability found in the Java logging library, Apache Log4j 2.x, began to emerge. Today, we know that it is currently being exploited by attackers to exfiltrate data or execute arbitrary code.

GUEST ESSAY: Introducing ‘killware’ — malware designed to contaminate, disrupt critical services

The Last Watchdog

Within the past year, we have seen a glut of ransomware attacks that made global news as they stymied the operations of many. In May, the infamous Colonial Pipeline ransomware attack disrupted nationwide fuel supply to most of the U.S. East Coast for six days. Related: Using mobile apps to radicalize youth. But the danger has moved up a notch with a new, grave threat: killware.

Build Your Open Data Lakehouse on Apache Iceberg

Speaker: Veena Vasudevan and Jason Hughes

In this webinar, Dremio and AWS will discuss the most common challenges in data architecture and how to overcome them with an open data lakehouse architecture on AWS. Sign up now!

93% of Tested Networks Vulnerable to Breach, Pen Testers Find

Dark Reading

Data from dozens of penetration tests and security assessments suggest nearly every organization can be infiltrated by cyberattackers

More Trending

The Worst Hacks of 2021

WIRED Threat Level

It was a year of ransomware, surveillance, data breaches, and yes, more ransomware. Security Security / Cyberattacks and Hacks

GUEST ESSAY: Why Microsoft Exchange users ‘must have’ robust data recovery policies, practices

The Last Watchdog

Cloud hosted email services have come into wide use as the go-to communication and collaboration work tools for businesses far and wide. Related: Weaponized email endures as top threat. Digital native companies start from day one relying entirely on Microsoft Office 365 or Google’s G Suite and most established companies are in some stage of migrating to, or adjusting for, Office 365 or G Suite.

Cloud 137

7 of the Most Impactful Cybersecurity Incidents of 2021

Dark Reading

There was a lot to learn from breaches, vulnerabilities, and attacks this year

CISA releases a scanner to identify web services affected by Apache Log4j flaws

Security Affairs

US CISA release of a scanner for identifying web services affected by two Apache Log4j remote code execution vulnerabilities.

The Ultimate Guide to Hardening Windows Servers

IT Professional looking to harden your servers? ThreatLocker’s got you covered. The Ultimate Guide to Hardening Windows Servers offers tips and best practices to help mitigate cyber threats, better protect your servers, and secure your endpoints. Download today!

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

When it comes to managing cybersecurity risk , approximately 35 percent of organizations say they only take an active interest if something bad happens. But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack.

GDPR 97

Buckle Up for More Log4j Madness

WIRED Threat Level

Plus: An alleged spy, a ransomware arrest, and more of the week's top security news. Security Security / Security News

New Log4j Attack Vector Discovered

Dark Reading

Meanwhile, Apache Foundation releases third update to logging tool in 10 days to address yet another flaw

111
111

AvosLocker ransomware reboots in Safe Mode and installs tools for remote access

Security Affairs

In a recent wave of attacks, AvosLocker ransomware is rebooting systems into Windows Safe Mode to disable endpoint security solutions.

Access 104

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

SolarWinds-Like Supply Chain Attacks will Peak in 2022, Apiiro Security Chief Predicts

eSecurity Planet

Cyberthreats against software supply chains moved to the forefront of cybersecurity concerns a year ago when revelations of the attack on software maker SolarWinds emerged.

Risk 97

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Schneier on Security

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox.

The Future of Ransomware

Dark Reading

Focusing on basic security controls and executing them well is the best way to harden your systems against an attack

Crooks bypass a Microsoft Office patch for CVE-2021-40444 to spread Formbook malware

Security Affairs

Crooks discovered how to bypass the patch for a recent Microsoft Office vulnerability (CVE-2021-40444) and are using it to distribute Formbook malware. Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability tracked as CVE-2021-40444 (CVSS score of 8.8).

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

The Link Between Ransomware and Cryptocurrency

eSecurity Planet

There are few guarantees in the IT industry, but one certainty is that as the world steps into 2022, ransomware will continue to be a primary cyberthreat. The dangers from ransomware have risen sharply since WannaCry and NotPetya hit the scene in 2017, and this year has been no different.

Microsoft????31????????Azure?? + ?? ???????????????????

DXC

??????DXC ?SAP????????????????2021?7???11???Microsoft????31?????????????????????????????????????????????Azure?Power SAP????????????????2021?7???11???Microsoft????31?????????????????????????????????????????????Azure?Power Microsoft????31?????????????????????????????????????????????Azure?Power

Log4j: A CISO's Practical Advice

Dark Reading

Working together is going to make getting through this problem a lot easier

110
110

Belgian defense ministry hit by cyberattack exploiting Log4Shell bug

Security Affairs

The Belgian defense ministry was hit by a cyber attack, it seems that threat actors exploited the Log4Shell vulnerability. The Belgian defense ministry confirmed it was hit by a cyberattack, it seems that threat actors exploited the Log4Shell vulnerability.

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

The ultimate guide to PCI DSS compliance

IT Governance

If your business handles debit or credit card data, you’ve probably heard of the PCI DSS (Payment Card Industry Data Security Standard). It’s an information security framework designed to reduce payment card fraud by requiring organisations to implement technical and organisational defence measures.

Two Active Directory Bugs Lead to Easy Windows Domain Takeover

Threatpost

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. Vulnerabilities

114
114

Log4j Reveals Cybersecurity's Dirty Little Secret

Dark Reading

Once the dust settles on Log4j, many IT teams will brush aside the need for the fundamental, not-exciting need for better asset and application management

More than 35,000 Java packages impacted by Log4j flaw, Google warns

Security Affairs

Google found more than 35,000 Java packages in the Maven Central repository that are impacted by flaws in the Apache Log4j library.

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

Stolen Bitcoins Returned

Schneier on Security

The US has returned $154 million in bitcoins stolen by a Sony employee.

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

Troy Hunt

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. 99.7%

The Future of Work Has Changed, and Your Security Mindset Needs to Follow

Dark Reading

VPNs have become a vulnerability that puts organizations at risk of cyberattacks

Risk 106