Security News > 2021 > December > Week in review: Log4Shell updates, Kronos ransomware attack, unused identities threat

Week in review: Log4Shell updates, Kronos ransomware attack, unused identities threat
2021-12-19 09:00

The Log4j JNDI attack and how to prevent itThe disclosure of the critical Log4Shell vulnerability and the release of first one and than additional PoC exploits has been an unwelcome surprise for the entire information security community, but most of all those who are tasked with keeping enterprise systems and network secure.

Ransomware hits HR solutions provider Kronos, locking customers out of vital servicesThe end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group, one of the biggest HR and workforce management solutions providers in the US. Microsoft patches spoofing vulnerability exploited by EmotetMicrosoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability actively exploited to deliver Emotet/Trickbot/Bazaloader malware family.

Modern cars: A growing bundle of security vulnerabilitiesIn this interview with Help Net Security, Laura Hoffner, Chief of Staff at Concentric, talks about modern car vulnerabilities, the techniques hackers are using to compromise connected vehicles and how to protect users.

Leveraging AIOps for a holistic view of network performance and securityIn this interview with Help Net Security, Terry Traina, CTO at Masergy, talks about the benefits of leveraging AIOps and how it can help thwart growing security threats.

Unused identities: A growing security threatAccording to our internal research, 6% of user accounts within an organization are inactive.

How to implement security into software design from the get-goSoftware professionals know that the working relationship between developers and security teams can be complicated.


News URL

https://www.helpnetsecurity.com/2021/12/19/week-in-review-log4shell-updates-kronos-ransomware-attack-unused-identities-threat/