The Belgian Ministry of Defense, which is responsible for national defense and the Belgian military, announced on Monday that it has fallen victim to a cyberattack officials say relates to the widespread Apache Log4j vulnerability. The attack "paralyzed the ministry's activities for several days."
Apache has released Log4j version 2.17 to fix yet another high-severity denial-of-service vulnerability - tracked as CVE-2021-45105 with a CVSS score of 7.5 - that affects all versions from 2.0-beta9 to 2.16.0.
The latest edition of the ISMG Security Report features an analysis of the Log4j security flaw, including the risks and mitigation techniques, how to patch Log4j, and CISO Dawn Cappelli on Log4j response.
Security and IT teams racing to mitigate the threat posed by the ubiquitous Apache Log4j 2.14 flaw are facing a new problem: Which version of the patched software should they deploy - 2.15.0 or the newly released 2.16.0?
What's in store for defenders as attackers increasingly try to target the ubiquitous Apache Log4j vulnerability? "Everyone is a target," says veteran cybersecurity leader Etay Maor, whose team at Cato Networks has been analyzing hundreds of attacks that already attempt to exploit the flaw.
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.
Ransomware has had a profound impact on businesses and the cyber insurance market at large, resulting in the need for greater transparency and enhancements to your cybersecurity practices.
Cyber insurance is not a substitute for cybersecurity and organizations of all sizes will need to enhance their...
The Southeast Asian region will see a spike in multifaceted extortion with more public breaches, along with an increase in ransomware-as-a-service operations in 2022, says Singapore-based Yihao Lim, principal intelligence adviser at Mandiant Threat Intelligence.
Several cybersecurity officials charged with safeguarding U.S. critical infrastructure on Thursday outlined both current progress and the complexity of today's network defense. Oversight officials also testifying before the House discussed top-line items that remain outstanding among major agencies.
There is a safer and potentially more profitable way to conduct business along the manufacturing enterprise – and the funny thing is it has been here all the time. By applying API RP 754 and extending it with edge analytics, it is possible for manufacturers to create a process safety
Digital transformation is well established in the business IT space, but it’s a different story for industrial process control. Because reliability and safety are so critical to industries like oil and gas, these industries are more cautious about adopting the newest technologies. But what are the best ways to...
Securing operational technology (OT) systems for critical infrastructure requires identifying and tracking a complete inventory of all OT and IT endpoints. Only with a comprehensive inventory that includes configuration data can companies protect against unauthorized change, achieve compliance, mitigate risk...
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why security teams are still unprepared for cyberattacks over weekends and holidays, which experts warn is when attackers love to strike.