Sat.Dec 18, 2021 - Fri.Dec 24, 2021

Lights Out: Cyberattacks Shut Down Building Automation Systems

Dark Reading

Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them

Patch these 2 Active Directory flaws to prevent the takeover of Windows domains

Security Affairs

Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of Windows domains.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Log4j vulnerability explained and how to respond

OpenText Information Management

On December 10th, warnings of the zero-day vulnerability found in the Java logging library, Apache Log4j 2.x, began to emerge. Today, we know that it is currently being exploited by attackers to exfiltrate data or execute arbitrary code.

GUEST ESSAY: Introducing ‘killware’ — malware designed to contaminate, disrupt critical services

The Last Watchdog

Within the past year, we have seen a glut of ransomware attacks that made global news as they stymied the operations of many. In May, the infamous Colonial Pipeline ransomware attack disrupted nationwide fuel supply to most of the U.S. East Coast for six days. Related: Using mobile apps to radicalize youth. But the danger has moved up a notch with a new, grave threat: killware.

100 Pipeline Plays: The Modern Sales Playbook

For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.

Log4j: A CISO's Practical Advice

Dark Reading

Working together is going to make getting through this problem a lot easier

114
114

More Trending

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

Troy Hunt

In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned's (HIBP's) Pwned Password API. 99.7%

GUEST ESSAY: Why Microsoft Exchange users ‘must have’ robust data recovery policies, practices

The Last Watchdog

Cloud hosted email services have come into wide use as the go-to communication and collaboration work tools for businesses far and wide. Related: Weaponized email endures as top threat. Digital native companies start from day one relying entirely on Microsoft Office 365 or Google’s G Suite and most established companies are in some stage of migrating to, or adjusting for, Office 365 or G Suite.

Cloud 136

7 of the Most Impactful Cybersecurity Incidents of 2021

Dark Reading

There was a lot to learn from breaches, vulnerabilities, and attacks this year

AvosLocker ransomware reboots in Safe Mode and installs tools for remote access

Security Affairs

In a recent wave of attacks, AvosLocker ransomware is rebooting systems into Windows Safe Mode to disable endpoint security solutions.

Access 113

Optimize the Performance of Your Serverless Functions

Run mission-critical applications on serverless without sacrificing visibility.

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

When it comes to managing cybersecurity risk , approximately 35 percent of organizations say they only take an active interest if something bad happens. But in order for businesses to maintain compliance with major privacy laws , they have to have security measures in place before an attack.

GDPR 95

The Worst Hacks of 2021

WIRED Threat Level

It was a year of ransomware, surveillance, data breaches, and yes, more ransomware. Security Security / Cyberattacks and Hacks

The Future of Work Has Changed, and Your Security Mindset Needs to Follow

Dark Reading

VPNs have become a vulnerability that puts organizations at risk of cyberattacks

Risk 114

More than 35,000 Java packages impacted by Log4j flaw, Google warns

Security Affairs

Google found more than 35,000 Java packages in the Maven Central repository that are impacted by flaws in the Apache Log4j library.

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

SolarWinds-Like Supply Chain Attacks will Peak in 2022, Apiiro Security Chief Predicts

eSecurity Planet

Cyberthreats against software supply chains moved to the forefront of cybersecurity concerns a year ago when revelations of the attack on software maker SolarWinds emerged.

Risk 90

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Schneier on Security

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group’s Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox.

93% of Tested Networks Vulnerable to Breach, Pen Testers Find

Dark Reading

Data from dozens of penetration tests and security assessments suggest nearly every organization can be infiltrated by cyberattackers

Apache releases the third patch to address a new Log4j flaw

Security Affairs

Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. is the third fix issued in a week.

Your Guide to Using Conversational Marketing to Drive Demand Generation

What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.

The Link Between Ransomware and Cryptocurrency

eSecurity Planet

There are few guarantees in the IT industry, but one certainty is that as the world steps into 2022, ransomware will continue to be a primary cyberthreat. The dangers from ransomware have risen sharply since WannaCry and NotPetya hit the scene in 2017, and this year has been no different.

Every Hero Needs a Sidekick

Micro Focus

In the rush towards digital transformation, even the heroic CIO needs someone they can turn to, says Derek Britton. Who is in your corner to help you solve your digital dilemma? Today’s technology landscape – a bleak dystopian vista?

The Future of Ransomware

Dark Reading

Focusing on basic security controls and executing them well is the best way to harden your systems against an attack

DarkWatchman RAT uses Windows Registry fileless storage mechanism

Security Affairs

DarkWatchman is a new lightweight javascript-based Remote Access Trojan (RAT) that uses novel methods for fileless persistence.

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

How Secure are Smart Devices?

Record Nations

As the holiday season approaches, it’s likely that many of us will be receiving smart devices as gifts. Smart devices are becoming more and more common, and many of our appliances even have “smart features”. In fact, you may be in possession of some of these items, and not even know it.

Buckle Up for More Log4j Madness

WIRED Threat Level

Plus: An alleged spy, a ransomware arrest, and more of the week's top security news. Security Security / Security News

Meta Files Federal Lawsuit Against Phishing Operators

Dark Reading

The Facebook parent company seeks court's help in identifying the individuals behind some 39,000 websites impersonating its brands to collect login credentials

Clop ransomware gang is leaking confidential data from the UK police

Security Affairs

Clop ransomware gang stolen confidential data from the UK police and leaked it in the dark web because the victim refused to pay the ransom.

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

The ultimate guide to PCI DSS compliance

IT Governance

If your business handles debit or credit card data, you’ve probably heard of the PCI DSS (Payment Card Industry Data Security Standard). It’s an information security framework designed to reduce payment card fraud by requiring organisations to implement technical and organisational defence measures.

‘Spider-Man: No Way Home’ Download Installs Cryptominer

Threatpost

The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report. Malware Web Security

Preemptive Strategies to Stop Log4j and Its Variants

Dark Reading

Zero trust is key to not falling victim to the next big vulnerability

IT 114