CISA, White House urge organizations to get ready for holiday cyberattacks

The Cybersecurity and Infrastructure Security Agency and the White House have released warnings to companies and organizations across the country, urging them to be on alert for cyberattacks ahead of…

US Senate passes $768 billion defense bill without cyber incident reporting provisions

The US Senate passed the National Defense Authorization Act (NDAA) on Wednesday, approving the $768 billion annual defense spending bill that was packed with cybersecurity provisions. The bill now heads…

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily-exploited…

CISA probes scope, potential fallout of Log4j vulnerability

Written by Tim Starks, Dec 14, 2021 | CYBERSCOOP. A top government cyber official said Tuesday that the Cybersecurity and Infrastructure Security Agency hasn’t seen hackers compromise federal agencies by…

Second Log4j vulnerability discovered, patch already released

A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228. The description of the new vulnerability, CVE-2021-45046, says…

How to Buy Precious Patching Time as Log4j Exploits Fly

Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed. Sure, Apache got a patch…

Defense Department blocks ads to counter malvertising, official tells Congress

Written by Tim Starks, Dec 13, 2021 | CYBERSCOOP. The Defense Department employs multiple methods of blocking internet advertisements because of the threats that malicious ads pose, the Pentagon said…

CISA warns 'most serious' Log4j vulnerability likely to affect hundreds of millions of devices

Written by Tim Starks, Dec 13, 2021 | CYBERSCOOP. Cybersecurity and Infrastructure Security Agency Director Jen Easterly told industry leaders in a phone briefing Monday that a vulnerability in a…

Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack

The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.” An excruciating, easily exploited flaw in the ubiquitous…

Saudi human rights activist files lawsuit against former US intelligence operatives for hacking scandal

Saudi human rights activist Loujain al-Hathloul has filed a lawsuit against spyware maker DarkMatter Group and three former US intelligence operatives for their role in helping the United Arab Emirates…