Log4j update in Microsoft 365 Defender causes stream of false notifications
The recently released Log4j update for Microsoft 365 Defender generated a stream of false notifications. Microsoft has since fixed the problem.
This week, Microsoft released an update for Microsoft 365 Defender to address the notorious chain of Log4j vulnerabilities. Unexpectedly, the update gen... Read more
Vice Society hacks Norwegian newspaper, takes credit for UK Spar attack
The ransomware gang appears to have called their victims' bluff and published files in retaliation for non-payment.
The Vice Society ransomware gang has claimed responsibility for an attack on a U.K. Spar wholesaler earlier this month and is being linked to an attack on a Norwegian media company... Read more
China-based Aquatic Panda hackers actively exploit Log4j
Aquatic Panda, a China-based hacking collective, directly exploited the Log4j vulnerability to attack an undisclosed academic institution. The attack was discovered and parried by CrowdStrike's Overwatch threat-hunting specialists.
According to CrowdStrike, China-based hackers launched an attack... Read more
LastPass says its own systems mistakenly generated security alerts
Further investigation into possible hacks of LastPass accounts via so-called 'credential stuffing' reveals that LastPass has previously concluded incorrectly. LastPass's systems falsely generated security alerts that were believed to indicate hacking attempts.
The fuss surrounding possible LastP... Read more
Microsoft issues Defender updates to address Log4j vulnerability
Microsoft updated several Defender solutions to defend users against exploits of Log4j. Among other things, the updates allow companies to identify and resolve Log4j vulnerabilities faster.
Specifically, Defender for Containers and Microsoft 365 Defender solutions underwent a change. Among other... Read more
Hackers attempt to crack LastPass accounts with credential stuffing
Password manager LastPass is under fire. In recent days, hackers made several attempts to break into the password vaults of LastPass users. According to the password manager, credential stuffing is at the base of the attacks.
Users of LastPass reported break-in attempts into the digital safes de... Read more
Apache releases new patch 2.17.1 for Log4j vulnerability
Another vulnerability was discovered in Log4j. Accordingly, the Apache Foundation released a patch. Version Log4j 2.17.1 fixes a newfound method for remote code execution.
The vulnerability was found in version 2.17.0 and named CVE-2021-44832. Authorization to modify the configuration file allow... Read more
‘Budgets for security will further increase in 2022’
Security will continue to be one of the most important concerns for companies in 2022. According to Neustar International Security Council (NISC), companies' security budgets will further increase in the coming year.
NISC, a research department of security and analytics specialist Neustar, says ... Read more
The White House invests in open-source software security
The Biden administration is investing in open-source software security. Bloomberg reports that several open-source software providers and developers were invited to a governmental meeting in mid-January 2021.
According to Bloomberg, U.S. National Security Advisor Jake Sullivan has invited key te... Read more
‘Open-source security specialist Snyk considers IPO in 2022’
Security specialist Snyk is considering going public next year, Bloomberg reports. The IPO should generate more than the current company value of 7.6 billion euros (8.6 billion dollars).
According to Bloomberg, the security specialist is currently in negotiations with banks concerning the IPO. T... Read more