LATEST SECURITY NEWS & COMMENTARY

Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft
Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say.

Attackers Target Log4J to Drop Ransomware, Web Shells, Backdoors
Amid the increase in Log4J attack activity, at least one Iranian state-backed threat group is preparing to target the vulnerability, experts say.

40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j
More than 60 variants of the original exploit were introduced over the last day alone.

What to Do While Waiting for the Log4J Updates
This Tech Tip outlines how enterprise defenders can mitigate the risks of the Log4j vulnerabilities for the short term while waiting for updates.

Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool
A remote code execution vulnerability in Log4j presents a bigger threat to organizations than even the infamous 2017 Apache Struts vulnerability that felled Equifax, they say.

Microsoft Patches Zero-Day Spreading Emotet Malware
The December rollout includes 67 security patches and addresses one zero-day and five more publicly known vulnerabilities.

Emotet Is Back and More Dangerous Than Before
Volume of traffic associated with the malware is now back at 50% of the volume before law enforcement took the botnet operation down in January 2021, security vendor says.

Lack of Patching Leaves 300,000 Routers at Risk for Attack
A significant percentage of the 2 million consumer and small-business routers produced by a Latvian firm are vulnerable and being used by attackers, a security firm says.

Kronos Suffers Ransomware Attack, Expects Full Restoration to Take 'Weeks'
Customers advised to adopt alternative internal processes to support the affected human resources services.

Name That Toon: Modern-Day Frosty
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Why Cloud Storage Isn't Immune to Ransomware
Cloud security is a shared responsibility, which sometimes leads to security gaps and complexity in risk management.

Why the Private Sector Is Key to Stopping Russian Hacking Group APT29
Left unchecked, these attacks could have devastating effects on government and military secrets and jeopardize the software supply chain and the global economy.

Privacy and Safety Issues With Facebook's New 'Metaventure'
With access to a user's 3D model and full-body digital tracking, attackers can recreate the perfect replica of a C-level executive to trick employees.

Dark Reading Weekly -- Published By Dark Reading, Informa Tech, 303 Second St., Suite 900 South Tower, San Francisco, CA 94107