The Log4j saga: New vulnerabilities and attack vectors discovered
The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed by releasing Log4j …
Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations
Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. …
Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …
Carrier strengthens cybersecurity program with CVE Numbering Authority
Carrier has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). This designation allows Carrier to provide customers greater transparency and …
SecurityGate.io partners with Rokster to help industrial companies bridge the OT security skills gap
SecurityGate.io announced a partnership with Rokster, a technology consulting firm specializing in regulatory compliance, cybersecurity, artificial intelligence, blockchain, …
November 2021 Patch Tuesday forecast: More mandates in the United States
The global holiday season is upon us with Diwali happening now, Thanksgiving the end of the month, and then on to Christmas and New Years! But before we all start celebrating, …
ARMO adds MITRE ATT&CK framework to its open-source Kubernetes testing tool
ARMO released an expanded version Kubescape, an open-source testing tool for Kubernetes environments that is compliant with the standards set forth in the Kubernetes Hardening …
Qualys Ransomware Risk Assessment Service helps organizations to proactively combat ransomware attacks
Qualys released its Ransomware Risk Assessment Service to provide companies with visibility into their ransomware exposure and automate the patching and configuration changes …
Apple joins Cyber Readiness Institute as Co-Chair to improve cyber readiness for SMBs
The Cyber Readiness Institute (CRI) welcomed Apple as a Co-Chair of the organization. Apple joins CRI to further our mission to help small and medium-sized businesses (SMBs) …
Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)
VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005. “This vulnerability can be …
Ransomware gangs target organizations during holidays and weekends
Ransomware gangs may take advantage of upcoming holidays and weekends to hit US organizations, the FBI and the CISA have warned. They don’t have any specific threat …
Chris Dimitriadis becomes ISACA’s first Chief Global Strategy Officer
Long-time ISACA member, volunteer and past board chair Chris Dimitriadis has stepped into a new ISACA leadership role as the first chief global strategy officer at the global …