vulnerability
2022 promises to be a challenging year for cybersecurity professionals
I am very glad to turn the page on 2021, however, I am not optimistic that 2022 will be remarkably better. I am hopeful that President Biden’s Executive Order 14028 and the …
Small businesses are most vulnerable to growing cybersecurity threats
Many small and medium-sized businesses (SMBs) mistakenly assume (hope?) their size makes them a less appealing target to hackers, without realizing cyber criminals are eager …
The Log4j debacle showed again that public disclosure of 0-days only helps attackers
On December 9, 2021, a (now deleted) tweet linking to a 0-day proof of concept (PoC) exploit (also now deleted) for the Log4Shell vulnerability on GitHub set the internet on …
Experts uncover Elephant Beetle, an organized financial-theft operation
Sygnia announced that it has released its comprehensive report uncovering an organized financial-theft operation it has termed Elephant Beetle. For the past two years, the …
Insider threat does not have to be malicious, so how do you protect your organization?
In this interview with Help Net Security, Laura Hoffner, Chief of Staff at Concentric, talks about the causes of insider threat attacks and what companies can do to mitigate …
Why the UK’s energy sector is fragile and ripe to cyber attacks
For the first time in a generation, the UK is in the middle of an unprecedented supply chain crisis, and in recent weeks, we have seen very clearly the immediate and …
How will the cybersecurity industry evolve in 2022?
The cybersecurity landscape has always been dynamic. However, this past year highlighted vulnerabilities and attack vectors that will drive trends and shape global …
4 practical strategies for Log4j discovery
For security teams scrambling to secure their organizations against Log4j exploitation, one of the first and most challenging tasks is understanding where Log4j exists within …
Log4Shell is a dumpster fire that should have been avoided
On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every …
The impact of the Log4j vulnerability on OT networks
Operational Technology (OT) networks are at risk from the recently-announced Apache Log4j (CVE-2021-44228) vulnerability. On the surface, it is not clear why this should be. …
Modern cars: A growing bundle of security vulnerabilities
In this interview with Help Net Security, Laura Hoffner, Chief of Staff at Concentric, talks about modern car vulnerabilities, the techniques hackers are using to compromise …
The Log4j JNDI attack and how to prevent it
The disclosure of the critical Log4Shell (CVE-2021-44228) vulnerability and the release of first one and than additional PoC exploits has been an unwelcome surprise for the …