For anyone hoping to celebrate the decline and fall of ransomware by year's end, think again. While some notable operations have bowed out - at least in name - threat intelligence firm Intel 471 warns that newcomers now account for the majority of attacks, and attack volume is "still on the rise."
Apache has released Log4j version 2.17 to fix yet another high-severity denial-of-service vulnerability - tracked as CVE-2021-45105 with a CVSS score of 7.5 - that affects all versions from 2.0-beta9 to 2.16.0.
Multiple new attacks exploiting the explosive Apache Log4j vulnerabilities have been uncovered, including a newly discovered JavaScript WebSocket attack, threat actors injecting Monero miners via Remote Method Invocation and the comeback of an old and relatively inactive ransomware family.
In an emergency directive issued on Friday regarding the explosive Apache Log4j vulnerabilities, CISA has required federal civilian departments and agencies to assess their internet-facing network assets and immediately patch the systems or implement appropriate mitigation measures.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including mitigating the Apache Log4j zero-day vulnerability, findings from a new report analyzing the Conti ransomware attack on Ireland's Health Services Executive and President Biden's drive to...
The latest edition of the ISMG Security Report features an analysis of the Log4j security flaw, including the risks and mitigation techniques, how to patch Log4j, and CISO Dawn Cappelli on Log4j response.
The findings from a penetration test can help you identify risks and gaps in your security controls. Charles Gillman offers tips to maximize the value of your next pen test and, in the process, deliver better results.
The effort and cost involved in staying safe in this environment is driving many organizations to work with IT and managed security service providers (MSSPs).
From the rain forest of northern Brazil to the business hub of Sao Paulo, Marco Túlio has built an impressive career in cybersecurity. He discusses the opportunity and challenge of enabling people to step up, succeed and eventually rise to be leaders in their own right.
Attackers tied to China, Iran, North Korea and Turkey have been targeting or testing exploits of the ubiquitous Apache Log4j vulnerability. Vendors are rushing to identify and patch supported software and hardware as cybersecurity agencies urge organizations to mitigate the threat and beware exploit attempts.
The White House is requiring federal agencies, including CISA and the FBI, to report cyber incidents that pose a significant threat to national security to White House advisers within 24 hours. Some security experts are questioning the merits of this new mandate.
Following the devastating ransomware attack on Colonial Pipeline in May 2021, North American propane supplier Superior Plus, which has 780,000 customers across the U.S. and Canada, has now acknowledged having suffered a ransomware attack on Sunday. The scale and impact of the attack are unknown.
Security and IT teams racing to mitigate the threat posed by the ubiquitous Apache Log4j 2.14 flaw are facing a new problem: Which version of the patched software should they deploy - 2.15.0 or the newly released 2.16.0?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.