Chinese Spies Exploit Log4Shell to Hack Major Academic Institution: The attackers targeted a VMware Horizon instance affected by the recent Log4j vulnerability.

LastPass Automated Warnings Linked to 'Credential Stuffing' Attack: LastPass users are being urged to change master passwords and enable multi-factor authentication for all accounts.

Storage Devices of Major Vendors Impacted by Encryption Software Flaws: Storage devices from several major vendors are affected by vulnerabilities discovered by a researcher in third-party encryption software they all use.

Another Remote Code Execution Vulnerability Patched in Log4j: Log4j developers have released an update to patch another remote code execution vulnerability, tracked as CVE-2021-44832.

Norwegian Media Firm Amedia Suffers Disruption Due to Cyberattack: The attack affected newspaper, advertisement, and subscription management systems.

Poland's Tusk Calls Spyware Use 'Crisis for Democracy': Polish opposition leader Donald Tusk on Tuesday said reports the government spied on its opponents represented the country's biggest "crisis for democracy" since the end of communism.

Researchers Dive Into Equation Group Tool 'DoubleFeature': Check Point security researchers publish findings from a deep-dive into DoubleFeature, a component of the Equation Group's DanderSpritz post-exploitation framework.

Threat Actors Abuse MSBuild for Cobalt Strike Beacon Execution: Tasks designed to perform build operations have been abused for the execution of malicious code.

State Workers to Be Paid on Time Despite Ransomware Attack: State workers in West Virginia will be paid on time this week despite a ransomware attack that affected a software provider that helps manage the state's payroll system.

Shutterfly Says Ransomware Attack Impacted Manufacturing: The company says credit card data, financial information, and social security numbers were not compromised in the incident.

DuckDuckGo Signals Entry Into Desktop Browser Market: DuckDuckGo plans to ship a privacy-centric desktop browser built from scratch to compete with Google's Chrome and Microsoft's Edge.

High-Risk Flaw Haunts Apache Server: The Apache HTTP Server 2.4.52 is listed as urgent and CISA is calling on users to "update as soon as possible."

IT Services Firm Inetum Discloses Ransomware Attack: The company says the incident had only a limited impact on its operations.

Jackson Public Schools Ups Cybersecurity After Hacker Attack: The public school district in Mississippi's capital city is implementing new cybersecurity measures after hackers attacked its server last year.

Organizations Targeted With Babuk-Based Rook Ransomware: First spotted at the end of November, the malware appears compiled out of leaked Babuk code.

New Flaws Expose EVlink Electric Vehicle Charging Stations to Remote Hacking: Schneider Electric has patched several new vulnerabilities that expose its EVlink electric vehicle charging stations to remote hacking.

Albanian Prime Minister Apologizes Over Database Leak: Albania's prime minister on Thursday apologized for a big leak of personal records from a government database of state and private employees, which he said seems more like an inside job than a cyber attack.

NVIDIA, HPE Products Affected by Log4j Vulnerabilities: The two companies have confirmed that some of their products are using the vulnerable Log4j logging utility.

Several Critical Vulnerabilities Found in myPRO HMI/SCADA Product: A researcher has found several critical vulnerabilities in the myPRO HMI/SCADA product made by mySCADA.

Microsoft Office Patch Bypassed for Malware Distribution in Apparent 'Dry Run': Based on publicly available proof-of-concept code, the attack bypasses the patch for CVE-2021-40444 by enclosing malicious documents in RAR archives.

Five Eyes Nations Issue Joint Guidance on Log4j Vulnerabilities: The US, Canada, Australia, New Zealand and the UK have released a joint cybersecurity advisory with mitigation guidance for the recent Log4j vulnerabilities.

400,000 Individuals Affected by Email Breach at West Virginia Healthcare Company: Patient data and other information potentially compromised during unauthorized access to Monongalia Health System emails.

Research: Simulated Phishing Tests Make Organizations Less Secure: A long-term phishing experiment at a 56,000-employee company ends with a caution around the use of simulated phishing lures in corporate security awareness training exercises.

Microsoft Confirms 'NotLegit' Azure Flaw Exposed Source Code Repositories: Researchers warn that the vulnerability has existed since September 2017 and has likely been exploited in the wild.