Cybercrime dominates the world: ‘just the tip of the iceberg visible’
The world of cybercrime is gaining a stronger grip on business. Cybercriminals are becoming smarter, using more advanced techniques and attacking more frequently. Many security experts no longer question if a company will be hacked, but when a company will be hacked. In order to get a better pictur... Read more
Ransomware attack forces Portuguese media group Impresa offline
The attack is one of the most serious in that country's history
The Lapsus$ ransomware gang has compromised the infrastructure of Impresa, the largest media conglomerate in Portugal. Impresa owns SIC TV channel, and Expresso newspaper, among other leading media, like several magaz... Read more
Log4j update in Microsoft 365 Defender causes stream of false notifications
The recently released Log4j update for Microsoft 365 Defender generated a stream of false notifications. Microsoft has since fixed the problem.
This week, Microsoft released an update for Microsoft 365 Defender to address the notorious chain of Log4j vulnerabilities. Unexpectedly, the update gen... Read more
Vice Society hacks Norwegian newspaper, takes credit for UK Spar attack
The ransomware gang appears to have called their victims' bluff and published files in retaliation for non-payment.
The Vice Society ransomware gang has claimed responsibility for an attack on a U.K. Spar wholesaler earlier this month and is being linked to an attack on a Norwegian media company... Read more
China-based Aquatic Panda hackers actively exploit Log4j
Aquatic Panda, a China-based hacking collective, directly exploited the Log4j vulnerability to attack an undisclosed academic institution. The attack was discovered and parried by CrowdStrike's Overwatch threat-hunting specialists.
According to CrowdStrike, China-based hackers launched an attack... Read more
LastPass says its own systems mistakenly generated security alerts
Further investigation into possible hacks of LastPass accounts via so-called 'credential stuffing' reveals that LastPass has previously concluded incorrectly. LastPass's systems falsely generated security alerts that were believed to indicate hacking attempts.
The fuss surrounding possible LastP... Read more
Microsoft issues Defender updates to address Log4j vulnerability
Microsoft updated several Defender solutions to defend users against exploits of Log4j. Among other things, the updates allow companies to identify and resolve Log4j vulnerabilities faster.
Specifically, Defender for Containers and Microsoft 365 Defender solutions underwent a change. Among other... Read more
Hackers attempt to crack LastPass accounts with credential stuffing
Password manager LastPass is under fire. In recent days, hackers made several attempts to break into the password vaults of LastPass users. According to the password manager, credential stuffing is at the base of the attacks.
Users of LastPass reported break-in attempts into the digital safes de... Read more
Apache releases new patch 2.17.1 for Log4j vulnerability
Another vulnerability was discovered in Log4j. Accordingly, the Apache Foundation released a patch. Version Log4j 2.17.1 fixes a newfound method for remote code execution.
The vulnerability was found in version 2.17.0 and named CVE-2021-44832. Authorization to modify the configuration file allow... Read more
‘Budgets for security will further increase in 2022’
Security will continue to be one of the most important concerns for companies in 2022. According to Neustar International Security Council (NISC), companies' security budgets will further increase in the coming year.
NISC, a research department of security and analytics specialist Neustar, says ... Read more