Security News > 2021 > December

Threat actors are gearing up for the holidays with credit card skimming attacks remaining undetected for months as payment information is stolen from customers. The code can steal payment details such as credit card number, holder name, addresses, and CVV, and send them to the actor.

Last Thursday security researchers began warning that a vulnerability tracked as CVE-2021-44228 in Apache Log4j was under active attack and had the potential, according to many reports, to break the internet. To its credit, Apache hastily released a patch to fix Log4Shell with Log4j version 2.15.0 last Friday.

Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell vulnerability is nowhere near finished. The recent discovery of a second Log4j vulnerability has shown that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.

Red Piranha pioneered the integrated security service model back in 2015 with out of the box MDR and Incident Response capability, now known as XDR. Since then, the Crystal Eye XDR platform has expanded its feature set to cover Integrated Risk Management, as well as Endpoint Protection with its Crystal Eye Attack Surface Reduction App and an extended range of deployment options across the full organisation's stack. With one of the major barriers to achieving a mature managed security program being lack of staff and lack of budget, you should make the decision around what type of XDR platform works for you, based on the resources you have available and what stage you are at with your security maturity journey.

Commentary: Those searching for a single cause for the Log4j vulnerability - whether it's open source is not secure, or open source is not sustainable - are getting it wrong. Open source isn't a security problem, and open source sustainability is a complicated issue.

Many organizations are already leveraging AIOps across their network and security. With remote and hybrid business models demanding a new level of application performance and security measures to power and protect multi-cloud environments, organizations are embracing AIOps to gain a smarter, holistic view of network performance and security.

Since most organizations simply cannot afford to have 24x7 security teams, managed detection and response services have become a critical aspect of any modern security stack. XDR provider Cynet offers its MDR service, which the company calls CyOps, as part of its offering.

In 2021, we're celebrating the 60th anniversary of the computer password's invention, but it also marks the year of some of the worst password mishaps this century. To honor the milestone, Dashlane announced its 2021 Worst Password Offenders list.

You don't have to log into the network to use the phone - it happens in the background via the SIM. Moreover, the mobile subscriber identity is one of the most widely used forms of digital identity. Firstly, it merely proves the user has access to a phone number, potentially through social engineering, not possession of a physical security token / device.

The survey reinforces the need for healthcare organizations to integrate digital technology and solutions into all areas of the business ecosystem, including secure payment technology to provide peace of mind and ensure patients enjoy secure and seamless payment experiences. Between large hospital networks, private practices, specialists, and urgent care, the survey found that 44% of respondents felt that private practices handled payment and personally identifiable information most securely, and large hospital networks were rated by even fewer at 33%. With a 25% increase in healthcare data breaches year over year and reports of hospitals accounting for 30% of all large data breaches, patients have a heightened sense of awareness and interest in the processes their providers take to protect their information.