vulnerability
Experts uncover Elephant Beetle, an organized financial-theft operation
Sygnia announced that it has released its comprehensive report uncovering an organized financial-theft operation it has termed Elephant Beetle. For the past two years, the …
Insider threat does not have to be malicious, so how do you protect your organization?
In this interview with Help Net Security, Laura Hoffner, Chief of Staff at Concentric, talks about the causes of insider threat attacks and what companies can do to mitigate …
Why the UK’s energy sector is fragile and ripe to cyber attacks
For the first time in a generation, the UK is in the middle of an unprecedented supply chain crisis, and in recent weeks, we have seen very clearly the immediate and …
How will the cybersecurity industry evolve in 2022?
The cybersecurity landscape has always been dynamic. However, this past year highlighted vulnerabilities and attack vectors that will drive trends and shape global …
4 practical strategies for Log4j discovery
For security teams scrambling to secure their organizations against Log4j exploitation, one of the first and most challenging tasks is understanding where Log4j exists within …
Log4Shell is a dumpster fire that should have been avoided
On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every …
The impact of the Log4j vulnerability on OT networks
Operational Technology (OT) networks are at risk from the recently-announced Apache Log4j (CVE-2021-44228) vulnerability. On the surface, it is not clear why this should be. …
Modern cars: A growing bundle of security vulnerabilities
In this interview with Help Net Security, Laura Hoffner, Chief of Staff at Concentric, talks about modern car vulnerabilities, the techniques hackers are using to compromise …
The Log4j JNDI attack and how to prevent it
The disclosure of the critical Log4Shell (CVE-2021-44228) vulnerability and the release of first one and than additional PoC exploits has been an unwelcome surprise for the …
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation
Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …
Hacker-powered pentests gaining momentum
Hackers have reported over 66,000 valid vulnerabilities this year – over 20% more than 2020 – with hacker-powered pentests seeing a 264% increase in reported …
Vulnerabilities in Eltima SDK affect popular cloud desktop and USB sharing services
SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like …