CISA, the FBI, the NSA and several of their international law enforcement partners have issued a joint advisory on the known vulnerabilities in the Apache Log4j software library urging "any organization using products with Log4j to mitigate and patch immediately."
A week after announcing a new bug bounty program called "Hack DHS," U.S. Department of Homeland Security Secretary Alejandro Mayorkas announced that DHS is expanding the scope of the program to include finding and patching Log4j-related vulnerabilities in the systems.
The energy, utilities, and industrials vertical has long been a significant target for criminals and state-sponsored threat actors.
The May 2021 ransomware attack on the US Colonial pipeline operation became one of the most high-profile examples of these long-standing threats, due to the gasoline supply shortages it...
The newly published U.K. Cyber Security Strategy demonstrates "the depth of ambition that the U.K. has got for the cyber sector," says Dan Patefield, program head of cyber and national security at techUK. He discusses the opportunities and challenges the new strategy brings.
The Belgian Ministry of Defense, which is responsible for national defense and the Belgian military, announced on Monday that it has fallen victim to a cyberattack officials say relates to the widespread Apache Log4j vulnerability. The attack "paralyzed the ministry's activities for several days."
The automotive industry continues to be under pressure from cyberattacks targeting all business angles, from the parts they manufacture to the customer data they house within connected cars and/or their processing systems.
This treasure trove of PII, IP, and critical data is attractive to nefarious groups and puts...
The Chinese state-sponsored threat group Tropic Trooper has resurfaced as Earth Centaur and is targeting the transportation industry and government agencies associated with that sector, according to new research from cybersecurity firm Trend Micro.
An Indian joint parliamentary committee has reintroduced set penalties for data violations after yielding to opposition demands. Some cyber law experts still believe it is unlikely organizations will be heavily penalized owing to deficiencies in the country's legal procedures.
As the final days of 2021 near, healthcare entities in and outside the U.S. continue to deal with systems disruptions and major data breaches involving ransomware and other cyberattacks. The latest includes a hospital for women and infants in Ireland and a large specialty medical practice in Texas.
For anyone hoping to celebrate the decline and fall of ransomware by year's end, think again. While some notable operations have bowed out - at least in name - threat intelligence firm Intel 471 warns that newcomers now account for the majority of attacks, and attack volume is "still on the rise."
As the pandemic pushed businesses out of the office and into a hybrid way of working, we’ve come to depend on technologies like email for critical business functions: signing contracts, sharing documents, even just chatting to our team about the game results.
But unfortunately, the more we rely on email, the...
Apache has released Log4j version 2.17 to fix yet another high-severity denial-of-service vulnerability - tracked as CVE-2021-45105 with a CVSS score of 7.5 - that affects all versions from 2.0-beta9 to 2.16.0.
Multiple new attacks exploiting the explosive Apache Log4j vulnerabilities have been uncovered, including a newly discovered JavaScript WebSocket attack, threat actors injecting Monero miners via Remote Method Invocation and the comeback of an old and relatively inactive ransomware family.
In an emergency directive issued on Friday regarding the explosive Apache Log4j vulnerabilities, CISA has required federal civilian departments and agencies to assess their internet-facing network assets and immediately patch the systems or implement appropriate mitigation measures.
Healthcare sector entities, like organizations across most industries, are being warned by authorities to carefully assess how the recently identified remote code execution vulnerability in the Apache Log4j Java logging library might affect their environments. What steps should they take?