Expert insights. Personalized for you.
The ImControllerService service of Lenovo laptops is affected by a privilege elevation bug that can allow to execute commands with admin privileges. MORE
One volley of fake news may land, but properly trained AI can shut down similar attempts at their sources MORE
Microsoft , Adobe , and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. MORE
Hundreds of millions of devices are likely affected. Security Security / Cyberattacks and Hacks MORE
A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. MORE
The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. MORE
In 2021, law enforcement continued making a tremendous effort to track down, capture and arrest ransomware operators, to take down ransomware infrastructure, and to claw back ransomware payments. Related: The targeting of supply chains. While some of these efforts have been successful, and may prevent more damage from being done, it is important to realize that headline news is a lightning rod for more attacks. Successful attacks breed copycats, and their arrests make room for replacements. MORE
Hybrid work is here to stay, and organizations can apply zero trust's three core principles to ensure a secure workforce, Devata says MORE
It’s serious : The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. MORE
A decade and a bit ago during my tenure at Pfizer, a colleague's laptop containing information about customers, healthcare providers and other vendors was stolen from their car. MORE
So far, Log4Shell has resulted mostly in cryptomining and a little espionage. The really bad stuff is just around the corner. Security Security / Cyberattacks and Hacks MORE
One leader alone can't protect an organization from cyber threats, C-suite leaders agree MORE
111 
Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. MORE
Privacy and cybersecurity challenges and controversies reverberated through all aspect of business, government and culture in the year coming to a close. Related: Thumbs up for Biden’s cybersecurity exec order. Last Watchdog sought commentary from technology thought leaders about lessons learned in 2021– and guidance heading into 2022. More than two dozen experts participated. Here the first of two articles highlighting what they had to say. Comments edited for clarity and length. MORE
Security teams around the world are on high alert dealing with the Log4j vulnerability, but how risky is it, really MORE
Cybersecurity vaccines are emerging as a new tool to defend against threats like ransomware and zero-day vulnerabilities. Cybersecurity firms have released “vaccines” in recent days to protect against the widely used STOP ransomware strain and the new Apache Log4Shell vulnerability. MORE
With organisations’ cyber security requirements becoming more complex and the threat of cyber attacks growing each year, many decision-makers are turning towards cyber security as a service. This approach, also known as managed cyber security, works by outsourcing cyber security to a third party. MORE
As we close out 2021, a gargantuan open-source vulnerability has reared its ugly head. Related: The case for ‘SBOM’ This flaw in the Apache Log4J logging library is already being aggressively probed and exploited by threat actors — and it is sure to become a major headache for security teams in 2022. This vulnerability is so dangerous because of its massive scale. MORE
Cybercriminals are quickly ramping up efforts to exploit the critical flaw found in the widely used Log4j open-source logging tool, targeting everything from cryptomining to data theft to botnets that target Linux systems. MORE
CISOs are increasingly drawn to the zero trust security model, but implementing a frictionless experience is still a challenge MORE
Cofense researchers discovered a new phishing campaign using QR codes targeting German e-banking users in the last weeks. Threat actors continue to use multiple techniques to avoid detection and trick recipients into opening phishing messages, including the use of QR codes. MORE
The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization's own networks and systems MORE
113 
“Smishing" is an attempt to collect logins or other sensitive information with a malicious text message—and it's on the rise. Security Security / Security Advice MORE
The Conti ransomware gang is the first ransomware operation exploiting the Log4Shell vulnerability to target VMware vCenter Servers. Conti ransomware gang is the first professional race that leverages Log4Shell exploit to compromise VMware vCenter Server installs. MORE
Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. MORE
A look at why this is such a tricky vulnerability and why the industry response has been good, but not great MORE
114 
Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. MORE
ForcedEntry is “one of the most technically sophisticated exploits” Project Zero security researchers have ever seen. Security Security / Cyberattacks and Hacks MORE
Krebs on Security
DECEMBER 14, 2021
Microsoft , Adobe , and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited.
WIRED Threat Level
DECEMBER 13, 2021
Hundreds of millions of devices are likely affected. Security Security / Cyberattacks and Hacks
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
DECEMBER 16, 2021
In 2021, law enforcement continued making a tremendous effort to track down, capture and arrest ransomware operators, to take down ransomware infrastructure, and to claw back ransomware payments. Related: The targeting of supply chains. While some of these efforts have been successful, and may prevent more damage from being done, it is important to realize that headline news is a lightning rod for more attacks. Successful attacks breed copycats, and their arrests make room for replacements.
Dark Reading
DECEMBER 17, 2021
CISOs are increasingly drawn to the zero trust security model, but implementing a frictionless experience is still a challenge
Advertiser: ZoomInfo
For the first time, we’re sharing the winning plays that took us from scrappy startup to a publicly traded company. Use our proven data-driven plays to grow your pipeline and crush your revenue targets.
Krebs on Security
DECEMBER 16, 2021
A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
DECEMBER 13, 2021
Privacy and cybersecurity challenges and controversies reverberated through all aspect of business, government and culture in the year coming to a close. Related: Thumbs up for Biden’s cybersecurity exec order. Last Watchdog sought commentary from technology thought leaders about lessons learned in 2021– and guidance heading into 2022. More than two dozen experts participated. Here the first of two articles highlighting what they had to say. Comments edited for clarity and length.
Dark Reading
DECEMBER 17, 2021
Security teams around the world are on high alert dealing with the Log4j vulnerability, but how risky is it, really
Krebs on Security
DECEMBER 13, 2021
The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system.
Security Affairs
DECEMBER 14, 2021
Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines.
Advertiser: Datadog
Run mission-critical applications on serverless without sacrificing visibility.
The Last Watchdog
DECEMBER 14, 2021
As we close out 2021, a gargantuan open-source vulnerability has reared its ugly head. Related: The case for ‘SBOM’ This flaw in the Apache Log4J logging library is already being aggressively probed and exploited by threat actors — and it is sure to become a major headache for security teams in 2022. This vulnerability is so dangerous because of its massive scale.
Dark Reading
DECEMBER 16, 2021
A look at why this is such a tricky vulnerability and why the industry response has been good, but not great
WIRED Threat Level
DECEMBER 12, 2021
“Smishing" is an attempt to collect logins or other sensitive information with a malicious text message—and it's on the rise. Security Security / Security Advice
Security Affairs
DECEMBER 16, 2021
The ImControllerService service of Lenovo laptops is affected by a privilege elevation bug that can allow to execute commands with admin privileges.
Advertisement
This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.
eSecurity Planet
DECEMBER 13, 2021
Cybersecurity vaccines are emerging as a new tool to defend against threats like ransomware and zero-day vulnerabilities. Cybersecurity firms have released “vaccines” in recent days to protect against the widely used STOP ransomware strain and the new Apache Log4Shell vulnerability.
Dark Reading
DECEMBER 16, 2021
The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization's own networks and systems
WIRED Threat Level
DECEMBER 15, 2021
ForcedEntry is “one of the most technically sophisticated exploits” Project Zero security researchers have ever seen. Security Security / Cyberattacks and Hacks
Security Affairs
DECEMBER 12, 2021
Cofense researchers discovered a new phishing campaign using QR codes targeting German e-banking users in the last weeks. Threat actors continue to use multiple techniques to avoid detection and trick recipients into opening phishing messages, including the use of QR codes.
Advertiser: ZoomInfo
What is conversational marketing really about? This guide will examine the market forces at play, shifting buyer trends, how to leverage conversation marketing, and the tactics involved in adopting it for a B2B demand generation strategy.
Troy Hunt
DECEMBER 15, 2021
A decade and a bit ago during my tenure at Pfizer, a colleague's laptop containing information about customers, healthcare providers and other vendors was stolen from their car.
Dark Reading
DECEMBER 14, 2021
One volley of fake news may land, but properly trained AI can shut down similar attempts at their sources
IT Governance
DECEMBER 14, 2021
With organisations’ cyber security requirements becoming more complex and the threat of cyber attacks growing each year, many decision-makers are turning towards cyber security as a service. This approach, also known as managed cyber security, works by outsourcing cyber security to a third party.
Security Affairs
DECEMBER 12, 2021
Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets.
Advertiser: Datadog
In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).
Troy Hunt
DECEMBER 17, 2021
As I start out by saying this week's video, it's very summer here and not a day goes by without multiple pool visits.
Dark Reading
DECEMBER 17, 2021
One leader alone can't protect an organization from cyber threats, C-suite leaders agree
eSecurity Planet
DECEMBER 13, 2021
Cybercriminals are quickly ramping up efforts to exploit the critical flaw found in the widely used Log4j open-source logging tool, targeting everything from cryptomining to data theft to botnets that target Linux systems.
Security Affairs
DECEMBER 16, 2021
Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library.
Advertisement
Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.
WIRED Threat Level
DECEMBER 16, 2021
So far, Log4Shell has resulted mostly in cryptomining and a little espionage. The really bad stuff is just around the corner. Security Security / Cyberattacks and Hacks
Dark Reading
DECEMBER 14, 2021
Hybrid work is here to stay, and organizations can apply zero trust's three core principles to ensure a secure workforce, Devata says
Schneier on Security
DECEMBER 14, 2021
It’s serious : The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application.
Let's personalize your content