 April 28, 2022
LATEST SECURITY NEWS & COMMENTARY
Log4j Attack Surface Remains Massive
Four months after the Log4Shell vulnerability was disclosed, most affected open source components remain unpatched, and companies continue to use vulnerable versions of the logging tool.
Iranian Hacking Group Among Those Exploiting Recently Disclosed VMware RCE Flaw
Threat actor is using the flaw to deliver Core Impact backdoor on vulnerable systems, security vendor says.
Tenable's Bit Discovery Buy Underscores Demand for Deeper Visibility of IT Assets
The four-year-old firm, started by two industry veterans, focuses on gaining visibility into Internet-facing services as more companies seek insight into what attackers see.
Chinese APT Bronze President Mounts Spy Campaign on Russian Military
The war in Ukraine appears to have triggered a change in mission for the APT known as Bronze President (aka Mustang Panda).
Early Discovery of Pipedream Malware a Success Story for Industrial Security
Cybersecurity professionals discovered, analyzed, and created defenses against the ICS malware framework before it was deployed, but expect the stakes to keep rising.
How Industry Leaders Should Approach Open Source Security
Here's how to reduce security risk and gain the benefits of open source software.
Cyber Conflict Overshadowed a Major Government Ransomware Alert
The FBI warns that ransomware targets are no longer predictably the biggest, richest organizations, and that attackers have leveled up to victimize organizations of all sizes.
3 Ways We Can Improve Cybersecurity
To better manage risks, companies can concentrate on resilience, sharing information to protect from cyber threats, and making the cybersecurity tent bigger by looking at workers with nontraditional skill sets.
Coca-Cola Investigates Data-Theft Claims After Ransomware Attack
The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.
FBI Warns Ransomware Attacks on Agriculture Co-ops Could Upend Food Supply Chain
Ransomware groups are looking to strike large agriculture cooperatives during strategic seasons, when they are most vulnerable, according to law enforcement.
HOT TOPICS
Overlapping ICS/OT Mandates Distract From Threat Detection and Response
It's time for regulators of critical infrastructure — including industrial control systems and operational technology — to focus more on operational resiliency.

Creating Cyberattack Resilience in Modern Education Environments
From increasing cybersecurity awareness in staff, students, and parents to practicing good security hygiene for devices, using endpoint protection, and inspecting network traffic, schools can boost cybersecurity to keep students safe.

EDITORS' CHOICE

Zero-Day Exploit Use Exploded in 2021
Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows.
LATEST FROM THE EDGE

How Do I Report My Security Program's ROI?
If security leaders focus on visibility and metrics, they can demonstrate their programs' value to company leadership and boards.
LATEST FROM DR TECHNOLOGY

The Ins and Outs of Secure Infrastructure as Code
The move to IaC has its challenges but done right can fundamentally improve an organization's overall security posture.
Tech Resources

  • Implementing and Using XDR to Improve Enterprise Cybersecurity

    Security operations teams are taking a hard look at extended detection and response tools - XDR - as a means of collecting and analyzing threat data and identifying cyber attacks faster and more efficiently. But exactly how does XDR technology ...

  • Building an Effective Active Directory Security Strategy

    For cyber criminals, Microsoft's Active Directory is a treasure trove of user identity and system access. But while Active Directory is a potential attack vector, it can also play a crucial role in enterprise cyber defenses. In this webinar, experts ...

FEATURED REPORTS
  • How Enterprises Are Securing the Application Environment

    Download this report from Dark Reading to learn more about the measures enterprises have adopted to ensure the security of their internally developed applications and third-party packaged applications.

  • How Data Breaches Affect the Enterprise

    Many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download this report to delve more into this timely topic.

Dark Reading Weekly
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA