GUEST RESEARCH: In 2023, Barracuda XDR, including its team of SOC analysts on 24-hour watch, cut through nearly two trillion (1,640 billion) IT events to isolate tens of thousands of potentially high-risk security threats.
GUEST OPINION: Holiday season is here again, yet as we relax, IT security professionals are completing their end-of-year tasks. Their eyes twitch, and anxiety prevails as another December arrives.
COMPANY NEWS: Qualys, a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it is opening up its award-winning risk management platform to AppSec teams to bring their own detections to assess, prioritise and remediate the risk associated with first-party software and its embedded open-source components.
GUEST RESEARCH: Attackers are quick to exploit new opportunities for attack. The reporting of the Log4J bug in December 2021, for example, is believed to have led to a 150% increase in exploit activity the following year. However, an analysis of Barracuda’s threat detection data shows that attackers rely extensively on long-established approaches and home in on weaknesses that have often also been around for years.
GUEST OPINION: While repercussions from the recent hacker attacks on Australia's Optus and Medibank are still resounding as media writers estimate ever higher damage costs, attacks on supply chain targets are flying under the radar.
Tanium has released its software bill of materials (SBOM) to help organisations protect their digital assets against external threats stemming from open-source software including OpenSSL 3.
Automated cybersecurity specialist Forescout Technologies has introduced Forescout Frontline, a threat hunting service for organisations that lack the internal resources and visibility to defend themselves from cybersecurity attacks.
GUEST OPINION: Companies are adopting cloud native technologies faster than ever before. With new technology comes new threats and challenges, so it’s no surprise that we’re seeing an increasing number of cyber threats targeting cloud native environments.
2021 began with the SolarWinds supply chain attack and ended with the Log4j vulnerabilities, with vastly increased levels of ransomware in between. Cybercrime is on the rise, and 2022 shows no sign of it abating. SonicWall’s comprehensive 66-page report brings you research, trends, and insights that make it a must-read for all CISOs, CTOs, and CIOs.
McAfee Enterprise and FireEye have come together to create a resilient digital world as Trellix, and the new company’s first research report has come out. It reveals the magnitude of the Log4j vulnerability which dominated headlines and the focus of security teams and defenders alike - along with other insights into security issues in the third quarter of 2021. The report is a fascinating - and deeply sobering - read.
From the SolarWinds attacks throughout last year to the influx of Apache Log4j vulnerability exploitations, the 2022 Security Report conducted by Check Point Research reveals the key attack vectors and techniques in 2021.
The Log4j vulnerability appears to have been overhyped by the infosec industry, with nothing like the scale of attacks expected materialising.
COMPANY NEWS: Since the first vulnerability in the Apache Foundation’s Log4j logging tool was revealed on 10 December, three sets of fixes to the Java library have been released as additional vulnerabilities were uncovered. This rapid iteration of fixes has left software developers and organisations worldwide scrambling to assess and mitigate their exposure with nearly daily-changing guidance. In the meantime, we’ve seen attempts to detect or exploit the vulnerability continue non-stop.
A senior security professional says the vulnerability in the Log4j Java-based logging library is comparable to both the Heartbleed and Shellshock flaws that have come to light over the last decade, but the new vulnerability is more devastating.
Most cybersecurity is making up for weak platforms. We need to address the fundamentals, design platforms that prevent out-of-bounds access[…]
For most developers the security/performance trade off is still the hardest one to tackle, even as the cost of processing[…]
RISC has been overhyped. While it is an interesting low-level processor architecture, what the world needs is high-level system architectures,[…]
There are two flaws that are widespread in the industry here. The first is that any platform or language should[…]
Ajai Chowdhry, one of the founders and CEO of HCL is married to a cousin of a cousin of mine.[…]