Phishing is one of the most well-known cyberattack methods, but hackers still have considerable success despite security teams' best efforts. Attackers use phishing attacks to gain access to login credentials, financial information like credit card details or bank accounts, company data, and any other digital assets...
The spyware of sanctioned Israeli firm NSO Group was reportedly detected on the smartphones of high-profile Polish figures associated with the nation's opposition party. And the spyware has also reportedly been tied to the phone of Hanan Elatr, wife of the late journalist Jamal Khashoggi.
The Log4j vulnerability has underscored once again the widespread dependence on open-source software projects and the lurking risks. Patrick Dwyer of OWASP says such projects deserve more resources to avoid major security vulnerabilities.
The Belgian Ministry of Defense, which is responsible for national defense and the Belgian military, announced on Monday that it has fallen victim to a cyberattack officials say relates to the widespread Apache Log4j vulnerability. The attack "paralyzed the ministry's activities for several days."
The Chinese state-sponsored threat group Tropic Trooper has resurfaced as Earth Centaur and is targeting the transportation industry and government agencies associated with that sector, according to new research from cybersecurity firm Trend Micro.
An Indian joint parliamentary committee has reintroduced set penalties for data violations after yielding to opposition demands. Some cyber law experts still believe it is unlikely organizations will be heavily penalized owing to deficiencies in the country's legal procedures.
A Trojanized malicious software known as "Joker" malware has made a comeback and was detected in a Google Play app downloaded more than 500,000 times, researchers say. Found this time on an app called Color Message, Joker had the ability to go undetected for long periods of time.
For anyone hoping to celebrate the decline and fall of ransomware by year's end, think again. While some notable operations have bowed out - at least in name - threat intelligence firm Intel 471 warns that newcomers now account for the majority of attacks, and attack volume is "still on the rise."
Apache has released Log4j version 2.17 to fix yet another high-severity denial-of-service vulnerability - tracked as CVE-2021-45105 with a CVSS score of 7.5 - that affects all versions from 2.0-beta9 to 2.16.0.
Multiple new attacks exploiting the explosive Apache Log4j vulnerabilities have been uncovered, including a newly discovered JavaScript WebSocket attack, threat actors injecting Monero miners via Remote Method Invocation and the comeback of an old and relatively inactive ransomware family.
In an emergency directive issued on Friday regarding the explosive Apache Log4j vulnerabilities, CISA has required federal civilian departments and agencies to assess their internet-facing network assets and immediately patch the systems or implement appropriate mitigation measures.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including mitigating the Apache Log4j zero-day vulnerability, findings from a new report analyzing the Conti ransomware attack on Ireland's Health Services Executive and President Biden's drive to...
The latest edition of the ISMG Security Report features an analysis of the Log4j security flaw, including the risks and mitigation techniques, how to patch Log4j, and CISO Dawn Cappelli on Log4j response.
From the rain forest of northern Brazil to the business hub of Sao Paulo, Marco Túlio has built an impressive career in cybersecurity. He discusses the opportunity and challenge of enabling people to step up, succeed and eventually rise to be leaders in their own right.
Attackers tied to China, Iran, North Korea and Turkey have been targeting or testing exploits of the ubiquitous Apache Log4j vulnerability. Vendors are rushing to identify and patch supported software and hardware as cybersecurity agencies urge organizations to mitigate the threat and beware exploit attempts.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.