Security News > 2021 > December > Week in review: Log4Shell updates, Kronos ransomware attack, unused identities threat
The Log4j JNDI attack and how to prevent itThe disclosure of the critical Log4Shell vulnerability and the release of first one and than additional PoC exploits has been an unwelcome surprise for the entire information security community, but most of all those who are tasked with keeping enterprise systems and network secure.
Ransomware hits HR solutions provider Kronos, locking customers out of vital servicesThe end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group, one of the biggest HR and workforce management solutions providers in the US. Microsoft patches spoofing vulnerability exploited by EmotetMicrosoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability actively exploited to deliver Emotet/Trickbot/Bazaloader malware family.
Modern cars: A growing bundle of security vulnerabilitiesIn this interview with Help Net Security, Laura Hoffner, Chief of Staff at Concentric, talks about modern car vulnerabilities, the techniques hackers are using to compromise connected vehicles and how to protect users.
Leveraging AIOps for a holistic view of network performance and securityIn this interview with Help Net Security, Terry Traina, CTO at Masergy, talks about the benefits of leveraging AIOps and how it can help thwart growing security threats.
Unused identities: A growing security threatAccording to our internal research, 6% of user accounts within an organization are inactive.
How to implement security into software design from the get-goSoftware professionals know that the working relationship between developers and security teams can be complicated.
News URL
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Critical SonicWall SSLVPN bug exploited in ransomware attacks (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Port of Seattle hit by Rhysida ransomware in August attack (source)
- AutoCanada says ransomware attack "may" impact employee data (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)