FinTech Company Impacted by Log4j Says No to Paying the Ransom

A cyberattack has recently impacted ONUS, one of the biggest Vietnamese crypto trading platforms. Hackers targeted the company’s payment system where a vulnerable version of Log4j was running. After the…

LastPass VPs confirm 'no indication' of compromised accounts after security alerts

Two LastPass vice presidents have released statements about the situation surrounding LastPass security issues that came to light this week.  Two days ago, hundreds of LastPass users took to Twitter,…

Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud

Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them. While researching…

APT group seen attacking academic institution through Log4J vulnerability: Crowdstrike

Cybersecurity company CrowdStrike has discovered an attempt by a China-based group to infiltrate an academic institution through the Log4j vulnerability.  more Log4j CrowdStrike called the group “Aquatic Panda” and said…

Chinese hackers use Log4j exploit to go after academic institution

Written by Tonya Riley Dec 29, 2021 | CYBERSCOOP A Chinese hacking group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large…

What Is IPAM in Networking and Cybersecurity?

Managing thousands of IP-connected devices can become a great challenge for many organizations. But imagine trying to keep track of which IP Address is assigned to each device, which DHCP…

The Fifth Log4j Vulnerability Has Been Fixed by Apache

Another Log4j version has been released by Apache dubbed 2.17.1, as prior to yesterday the most recent Log4j version was 2.17.0. This new variant addresses the RCE found in 2.17.0…

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019

Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency. Hackers behind a cryptomining campaign have managed to avoid…

5 problems with securing applications

The question is not whether vulnerabilities exist in your application — they do. The real question is simply which happens first: will attackers exploit them, or will you fix them?…

K-12 Cybersecurity Act Signed Into Law

Security Intelligence – Security Intelligence – K-12 Cybersecurity Act Signed Into Law Present Joe Biden signed the K-12 Cybersecurity Act into law, which lays out four objectives with the goal…