Krebs on Security

DECEMBER 14, 2021

Microsoft , Adobe , and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this month’s Patch Tuesday is overshadowed by the “ Log4Shell ” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.

Libraries 299

Libraries Cybersecurity Data breaches Cloud 299

WIRED Threat Level

DECEMBER 13, 2021

Hundreds of millions of devices are likely affected.

Security 110

Security 110

The Last Watchdog

DECEMBER 16, 2021

In 2021, law enforcement continued making a tremendous effort to track down, capture and arrest ransomware operators, to take down ransomware infrastructure, and to claw back ransomware payments. Related: The targeting of supply chains. While some of these efforts have been successful, and may prevent more damage from being done, it is important to realize that headline news is a lightning rod for more attacks.

Ransomware 220

Ransomware Risk Authentication Access 220

Security Affairs

DECEMBER 14, 2021

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability ( CVE-2021-44228 ) to deliver the new Khonsari ransomware on Windows machines. Experts warn that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines.

Ransomware 142

Ransomware Encryption Access Security 142

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Hunton Privacy

DECEMBER 15, 2021

On November 10, 2021, the New York City Council passed a bill prohibiting employers and employment agencies from using automated employment decision tools to screen candidates or employees, unless a bias audit has been conducted prior to deploying the tool (the “Bill”). The Bill defines an “automated employment decision tool” as any computational process (either derived from machine learning, statistical modeling, data analytics, or artificial intelligence) that issues a simplified output ( e.g.

Artificial Intelligence 139

Artificial Intelligence Analytics IT Privacy 139

IT Governance

DECEMBER 14, 2021

With organisations’ cyber security requirements becoming more complex and the threat of cyber attacks growing each year, many decision-makers are turning towards cyber security as a service. This approach, also known as managed cyber security, works by outsourcing cyber security to a third party. Organisations such as IT Governance that offer cyber security as a service assign dedicated experts to oversee the organisation’s data protection and data privacy needs.

Security 131

Security Insurance Data breaches Information Security 131

Security Affairs

DECEMBER 12, 2021

Cofense researchers discovered a new phishing campaign using QR codes targeting German e-banking users in the last weeks. Threat actors continue to use multiple techniques to avoid detection and trick recipients into opening phishing messages, including the use of QR codes. The messages used in a campaign recently discovered by cybersecurity firm Cofense use QR codes to deceive users of two Geman financial institutions, Sparkasse and Volksbanken Raiffeisenbanken, and steal digital banking inform

Phishing 138

Phishing Cybersecurity Security IT 138

Threatpost

DECEMBER 13, 2021

Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking.

Ransomware 129

Ransomware Cloud IT Government 129

eSecurity Planet

DECEMBER 13, 2021

Cybercriminals are quickly ramping up efforts to exploit the critical flaw found in the widely used Log4j open-source logging tool, targeting everything from cryptomining to data theft to botnets that target Linux systems. The cybersecurity community is responding with tools for detecting exploitation of the vulnerability, a remote code execution (RCE) flaw dubbed Log4Shell and tracked as CVE-2021-44228.

Cybersecurity 134

Cybersecurity Honeypots Cloud Security 134

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Troy Hunt

DECEMBER 15, 2021

A decade and a bit ago during my tenure at Pfizer, a colleague's laptop containing information about customers, healthcare providers and other vendors was stolen from their car. The machine had full disk encryption and it's not known whether the thief was ever actually able to access the data. It's not clear if the car was locked or not.

Data breaches 128

Data breaches Passwords Access Personal data 128

Security Affairs

DECEMBER 16, 2021

The ImControllerService service of Lenovo laptops is affected by a privilege elevation bug that can allow to execute commands with admin privileges. Lenovo laptops, including ThinkPad and Yoga families, are affected by a privilege elevation issues that resides in the ImControllerService service allowing attackers to execute commands with admin privileges.

IT 135

IT Security Access Cybersecurity 135

DXC Technology

DECEMBER 15, 2021

As fast as the world and technology evolve, IT departments are evolving with it. To stay ahead of all this change, IT leaders need to free up time for the most important tasks. Automation is an obvious answer to do this. If you can automate the high-volume, low-complexity tasks that drain resources, you can boost […]. The post Prioritizing IT automation: A four-step approach appeared first on DXC Blogs.

IT 123

IT 123

eSecurity Planet

DECEMBER 15, 2021

Nation-state cyber threat groups and ransomware attackers are moving in to exploit a critical flaw found in the seemingly ubiquitous Apache Log4j open-source logging tool, as attacks spread just days after the vulnerability that could affect hundreds of millions of devices was made public late last week. Microsoft researchers reported that the remote code execution (RCE) vulnerability is being exploited by nation-state groups associated with China, North Korea, Iran and Turkey, with the activity

Ransomware 122

Ransomware Cybersecurity Access Libraries 122

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Troy Hunt

DECEMBER 17, 2021

As I start out by saying this week's video, it's very summer here and not a day goes by without multiple pool visits. Next week's video is going to be from somewhere epically amazing out of this world that I've wanted to go to for a long time now so stay tuned for that one as I go mobile again. Somehow, today's video stretched out beyond an hour with what felt like a list of pretty minor discussion points, but plenty of good questions and commentary along the way.

IT 116

IT Security 116

Security Affairs

DECEMBER 12, 2021

Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. The attempts were carried out by Muhstik and Mirai botnets in attacks aimed at Linux devices.

Honeypots 135

Honeypots Libraries Authentication Passwords 135

Dark Reading

DECEMBER 16, 2021

The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization's own networks and systems.

129

129

eSecurity Planet

DECEMBER 17, 2021

Some companies use cloud-based security information and event management (SIEM) , and others use SIEM that has been installed in a local data center. These on-premises SIEMs can be run on Windows Servers, Linux Servers, and within virtual machines (VMs) or containers. While the security vulnerabilities for each of these instances will be unique and highly dependent upon setup, you can still verify your security using the same checklist, which we’ll give the acronym VIDA DUCA for the steps

Security 120

Security Access Artificial Intelligence Cloud 120

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Schneier on Security

DECEMBER 16, 2021

Log4j is being exploited by all sorts of attackers, all over the Internet: At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. “Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups,” said cybersecurity company Check Point.

Cybersecurity 113

Cybersecurity IT 113

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library. The CVE-2021-45046 received a CVSS score of 3.7 and affects Log4j versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 (which was released to fix CV

Libraries 130

Libraries Ransomware Access Security 130

Hunton Privacy

DECEMBER 16, 2021

On December 6, 2021, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP published a white paper on “ Bridging the DMA and the GDPR – Comments by the Centre for Information Policy Leadership on the Data Protection Implications of the Draft Digital Markets Act ” (the “White Paper”). The European Commission’s draft Digital Markets Act (“DMA”) is a proposal for a regulation on “contestable and fair markets” in the digital sector, setting forth obligations for digital

Paper 111

Paper GDPR Marketing Compliance 111

Threatpost

DECEMBER 15, 2021

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.

Libraries 119

Libraries Security 119

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

DECEMBER 13, 2021

Every high-profile breach leaves a trail of bread crumbs, and defenders who monitor access brokers can connect the dots and detect attacks as they unfold.

Access 118

Access 118

Security Affairs

DECEMBER 17, 2021

The Conti ransomware gang is the first ransomware operation exploiting the Log4Shell vulnerability to target VMware vCenter Servers. Conti ransomware gang is the first professional race that leverages Log4Shell exploit to compromise VMware vCenter Server installs. The ransomware group used the exploit to target internal devices that are not protected.

Ransomware 123

Ransomware Energy and Utilities IT Libraries 123

IT Governance

DECEMBER 16, 2021

You may have seen people talk this week about Log4Shell and the damage that it’s causing. The zero-day exploit has people worried, with some saying that it’s “ set the Internet on fire ” or that it “ will haunt [us] for years ”? But just how concerned should you be and is there anything you can do to protect yourself? What is Log4Shell? Log4Shell is a remote code execution exploit that’s found in versions of log4j, the popular open-source Java logging library.

Libraries 105

Libraries Personal data Ransomware Security 105

Threatpost

DECEMBER 14, 2021

If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was felt in two significant ways: through the supply chain disruptions caused by COVID-19, and through the many security breaches that we saw in our key […].

Security 107

Security 107

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Dark Reading

DECEMBER 13, 2021

The three must-haves in eXtended Detection and Response are: making data accessible, facilitating real-time threat detection, and providing remediation strategies.

IT 113

IT Access 113

Security Affairs

DECEMBER 13, 2021

Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. The attempts were carried out by Muhstik and Mirai botnets in attacks aimed at Linux devices.

Mining 114

Mining Honeypots Libraries IT 114

Data Matters

DECEMBER 16, 2021

Sidley associate Lauren Kitces was featured on Simplify For Success, a podcast series presented by Meru Data and hosted by Priya Keshav. The discussion covered upcoming U.S. privacy laws and key considerations for organizations as they prepare for these laws. Tune in here. The episode can also be found on various streaming platforms, including Apple Podcasts , Spotify , and Amazon Music.

Privacy 88

Privacy 88