Follow Dark Reading:
 December 23, 2021
LATEST SECURITY NEWS & COMMENTARY
New Log4j Attack Vector Discovered
Meanwhile, Apache Foundation releases third update to logging tool in 10 days to address yet another flaw.
93% of Tested Networks Vulnerable to Breach, Pen Testers Find
Data from dozens of penetration tests and security assessments suggest nearly every organization can be infiltrated by cyberattackers.
Microsoft Customer Source Code Exposed via Azure App Service Bug
Researchers found an insecure default behavior in Azure App Service exposing source code of some customer applications deployed using "Local Git."
Why Log4j Mitigation Is Fraught With Challenges
The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization's own networks and systems.
Timely Questions for Log4j Response Now — And for the Future
EXPERT INSIGHT: How to assess your exposure to the vulnerability with a combination of asset inventory, testing, solid information sources, and software bills of materials (SBOMs).
CISA Issues Emergency Directive on Log4j
The Cybersecurity Infrastructure and Security Agency orders federal agencies to take actions to mitigate vulnerabilities to the Apache Log4j flaw and attacks exploiting it.
Log4j Reveals Cybersecurity's Dirty Little Secret
Once the dust settles on Log4j, many IT teams will brush aside the need for the fundamental, not-exciting need for better asset and application management.
Zero Trust Shouldn’t Mean Zero Trust in Employees
Some think zero trust means you cannot or should not trust employees, an approach that misses the mark and sets up everyone for failure.
Meta Acts Against 7 Entities Found Spying on 50,000 Users
The parent company of Facebook and Instagram has warned some 50,000 account holders they are targets of surveillance.
Dept. of Homeland Security Launches 'Hack DHS' Program
A new bug bounty program aims to find potential security flaws within certain DHS systems and strengthen the department's security posture.
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Log4Shell: The Big Picture
A look at why this is such a tricky vulnerability and why the industry response has been good, but not great.

The Future of Ransomware
Focusing on basic security controls and executing them well is the best way to harden your systems against an attack.

MORE
EDITORS' CHOICE

Lights Out: Cyberattacks Shut Down Building Automation Systems
Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them.
LATEST FROM THE EDGE

Why We Need to Consolidate Digital Identity Management Before Zero Trust
Zero trust may be one of the hottest trends in cybersecurity, but just eliminating trust from networks isn’t enough to prevent successful organizational data breaches, says Wes Wright, CTO of Imprivata.
LATEST FROM DR TECHNOLOGY

Mobile App Developers Keep Fraudulent Traffic at Bay with Anti-Fraud API
The new API and SDK from Pixalate helps mobile developers avoid getting their apps delisted from app stores by detecting and blocking fraudulent traffic.
Tech Resources
ACCESS TECH LIBRARY NOW

  • Beyond Spam and Phishing: Emerging Email-based Threats

    Even as enterprises adopt real-time messaging tools and platforms, email remains the hub of enterprise communications. Adversaries are increasingly targeting the enterprise email inbox, and security teams need to look further than just spam and phishing attacks. In this webinar, ...

  • Cloud Security Strategies for Today's Enterprises

    The typical enterprise relies on dozens, even hundreds, of cloud applications and services sprawled across different platforms and service providers. Security teams need to shoulder the responsibility of coordinating security and incident response and not leave it up to individual ...
MORE WEBINARS
FEATURED REPORTS
MORE REPORTS
CURRENT ISSUE

How Data Breaches Affect the Enterprise
DOWNLOAD THIS ISSUE SUBSCRIBE NOW
BACK ISSUES | MUST READS | TECH DIGEST
PRODUCTS & RELEASES
Brillio Acquires Cedrus Digital to Strengthen Their Digital Transformation Service Capabilities
NetSPI Adds IoT Penetration Testing to its Suite of Offensive Security Services
SAIC Launches Rugged Apps to Provide Secure Commercial Apps to Government Users
BlackBerry Launches New Managed Extended Detection and Response (XDR) Service
Trend Micro Crowns Champions of 2021 Capture the Flag Competition
Four Out of Five Organizations Are Increasing Cybersecurity Budgets for 2022
SecurityScorecard Research Reveals Cyber Vulnerabilities Pose a Threat to U.S. Maritime Security
Reblaze Appoints New CEO
Cybereason Announces Availability of AI-Driven Cybereason XDR and EDR on Google Cloud Marketplace
MORE PRODUCTS & RELEASES
Dark Reading Weekly
-- Published By Dark Reading
Informa Tech
303 Second St., Suite 900 South Tower, San Francisco, CA 94107
To update your profile, change your e-mail address, or unsubscribe, click here.
To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2021  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us