Even with the growing awareness about cybersecurity, many myths about it are prevalent. These misconceptions can be a barrier to effective security. Read on to find out which of the following you thought were true. (By The Hacker News)
The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, NSA, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) are releasing this joint Cybersecurity Advisory (CSA) to provide mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited. (By CISA)
In 2022, threats are unlikely to slow down. If your network and security tools aren't up to the task of protecting your organization now, it's not going to be any better in 2022. If you're still struggling to integrate and manage a collection of single-purpose products, the resulting complexity and lack of visibility is likely to leave your organization at risk. Although no one can definitively predict the future, here are five up-and-coming threats we're keeping an eye on. (By Ravie Lakshmanan, CSO)
A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. (By Ravie Lakshmanan, The Hacker News)
The vast majority of businesses can be compromised within a month by a motivated attacker using common techniques, such as compromising credentials, exploiting known vulnerabilities in software and Web applications, or taking advantage of configuration flaws, according to an analysis of security assessments by Positive Technologies. (By Dark Reading)