Multiple new attacks exploiting the explosive Apache Log4j vulnerabilities have been uncovered, including a newly discovered JavaScript WebSocket attack, threat actors injecting Monero miners via Remote Method Invocation and the comeback of an old and relatively inactive ransomware family.
In an emergency directive issued on Friday regarding the explosive Apache Log4j vulnerabilities, CISA has required federal civilian departments and agencies to assess their internet-facing network assets and immediately patch the systems or implement appropriate mitigation measures.
A backdoor in the network of the U.S. Commission on International Religious Freedom has allowed attackers to intercept, and likely exfiltrate, all local network traffic on the agency's systems, Avast tells ISMG. The firm says it attempted to reach the agency via multiple channels with no success.
Six U.S. senators sent a letter to the Treasury Dept. regarding new cryptocurrency regulation stemming from the infrastructure bill. The lawmakers urge Treasury Secretary Janet Yellen to address concerns around the law, which requires a broad group of professionals to report information to the IRS.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including mitigating the Apache Log4j zero-day vulnerability, findings from a new report analyzing the Conti ransomware attack on Ireland's Health Services Executive and President Biden's drive to...
The latest edition of the ISMG Security Report features an analysis of the Log4j security flaw, including the risks and mitigation techniques, how to patch Log4j, and CISO Dawn Cappelli on Log4j response.
The effort and cost involved in staying safe in this environment is driving many organizations to work with IT and managed security service providers (MSSPs).
From the rain forest of northern Brazil to the business hub of Sao Paulo, Marco Túlio has built an impressive career in cybersecurity. He discusses the opportunity and challenge of enabling people to step up, succeed and eventually rise to be leaders in their own right.
An Iranian state-sponsored threat group is using free workspaces on messaging platform Slack to deploy a backdoor in an Asian airline's system, according to researchers. The backdoor, dubbed Aclip, may have enabled the threat actor to access the airline's passenger reservations data.
The new U.K cyber strategy calls for a balanced partnership across the public, private and third sectors. The government is to provide a 2.6 billion-pound investment in a more proactive approach to fostering and protecting the U.K.’s competitive advantage critical cyber technologies.
The U.S. Department of Homeland Security this week announced a "Hack DHS" bug bounty program to identify potential cybersecurity vulnerabilities within its systems and to increase DHS' overall cyber resilience. Hackers uncovering vulnerabilities will be compensated by the department.
Attackers tied to China, Iran, North Korea and Turkey have been targeting or testing exploits of the ubiquitous Apache Log4j vulnerability. Vendors are rushing to identify and patch supported software and hardware as cybersecurity agencies urge organizations to mitigate the threat and beware exploit attempts.
The White House is requiring federal agencies, including CISA and the FBI, to report cyber incidents that pose a significant threat to national security to White House advisers within 24 hours. Some security experts are questioning the merits of this new mandate.
The must-pass annual defense spending bill, authorizing nearly $770 billion in funding for the Pentagon, passed the Senate in a bipartisan vote on Wednesday, with several cybersecurity provisions, including measures to "empower and expand" CISA.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.