Time to Reset the Idea of Zero Trust
CISOs are increasingly drawn to the zero trust security model, but implementing a frictionless experience is still a challenge.
Logistics giant warns of BEC emails following ransomware attack
Hellmann Worldwide is warning customers of an increase in fraudulent calls and emails regarding payment transfer and bank account changes…
Conti ransomware uses Log4j bug to hack VMware vCenter servers
Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and…
Why Log4j Mitigation Is Fraught With Challenges
The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an…
Log4j attackers switch to injecting Monero miners via RMI
Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both…
Facebook disrupts operations of seven surveillance-for-hire firms
Facebook has disrupted the operations of seven different spyware-making companies, blocking their Internet infrastructure, sending cease and desist letters, and…
Log4Shell: The Big Picture
A look at why this is such a tricky vulnerability and why the industry response has been good, but not…
Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft
Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.
Dept. of Homeland Security Launches ‘Hack DHS’ Program
A new bug bounty program aims to find potential security flaws within certain DHS systems and strengthen the department's security…
Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory
The early lessons from Log4j indicate that key security principles can help better handle these high-risk software supply chain security…