Cybersecurity experts debate concern over potential Log4j worm

As the fallout from the Log4j vulnerability continues, cybersecurity experts are debating what the future might hold.  Tom Kellermann, VMware’s head of cybersecurity strategy, said the Log4j vulnerability is one…

Espionage Hacking Campaign Is Targeting Telecom Operators

A fresh espionage hacking effort targeting Middle Eastern and Asian telecommunications and IT service companies was recently discovered. The operation has been running for six months, and it may have…

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes. As if finding one easily-exploited…

Suspected espionage campaign targets telecoms, IT service firms in Middle East

Written by AJ Vicens Dec 14, 2021 | CYBERSCOOP Hackers targeted a string of telecommunication operators and IT service organizations in the Middle East and Asia over the last six…

Second Log4j vulnerability discovered, patch already released

more coverage A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228.  The description of the new vulnerability, CVE 2021-45046, says…

‘Seedworm’ Attackers Target Telcos in Asia, Middle East

The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats. Attackers targeting telcos across the Middle East and Asia…

Next-Gen Maldocs & How to Solve the Human Vulnerability

Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.…

CISA releases advisory on five Apache HTTP server vulnerabilities affecting Cisco products

CISA has released a second advisory about several Apache HTTP server vulnerabilities. Cisco sent out a notice about the vulnerabilities in November, explaining that the Apache Software Foundation disclosed five…

Malware distribution in public repositories highlighted by malicious npm packages stealing Discord tokens

ZDNet Recommends Best security key 2021 While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level. Read…

Canadian Ransomware Arrest Is a Meaningful Flex, Experts Say

U.S. and Canada charge Ottawa man for ransomware attacks, signaling that North America is no cybercriminal haven. Investigations that ran in parallel over nearly two years by Canadian and U.S.…