Phishing attacks impersonate Pfizer in fake requests for quotation
Threat actors are conducting a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims. [...]
Upgraded to log4j 2.16? Surprise, there’s a 2.17 fixing DoS
Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga began last…
The Week in Ransomware – December 17th 2021 – Enter Log4j
A critical Apache Log4j vulnerability took the world by storm this week, and now it is being used by threat…
TellYouThePass ransomware revived in Linux, Windows Log4j attacks
Threat actors have revived an old and relatively inactive ransomware family known as TellYouThePass, deploying it in attacks against Windows…
CISA urges VMware admins to patch critical flaw in Workspace ONE UEM
CISA has asked VMware admins and users today to patch a critical security vulnerability found in the Workspace ONE UEM…
Time to Reset the Idea of Zero Trust
CISOs are increasingly drawn to the zero trust security model, but implementing a frictionless experience is still a challenge.
Logistics giant warns of BEC emails following ransomware attack
Hellmann Worldwide is warning customers of an increase in fraudulent calls and emails regarding payment transfer and bank account changes…
Conti ransomware uses Log4j bug to hack VMware vCenter servers
Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and…
Why Log4j Mitigation Is Fraught With Challenges
The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an…
Log4j attackers switch to injecting Monero miners via RMI
Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both…