Vulnerability: Page 15
Log4j: What we know (and what's yet to come)
The vulnerability has upended federal officials and the infosec industry, putting hundreds of millions of devices and systems at risk.
By David Jones • Dec. 17, 2021
Log4j attacks poised to rise as threat actors search for attack vectors
Microsoft warns that threat actors are using third-party hosted Minecraft servers to launch ransomware attacks. The company also warned that access brokers are getting into the game.
By David Jones • Dec. 16, 2021
Security teams prepare for the yearslong threat Log4j poses
Industry is still investigating the full extent of the vulnerability, which limits the actions security teams can immediately take.
By Samantha Schwartz • Dec. 16, 2021
Log4j threat expands as second vulnerability emerges and nation states pounce
Early-stage ransomware attempts are underway and federal officials are urging organizations to take immediate steps to protect IT systems.
By David Jones • Dec. 15, 2021
Log4j under siege, millions of devices vulnerable
Technology firms are scrambling to investigate and patch their systems amid reports of more than 800,000 attempted attacks.
By David Jones • Dec. 14, 2021
Federal authorities, technology vendors race to contain Log4j vulnerability
The vulnerability is considered to be among the most dangerous over the past decade, according to security researchers.
By David Jones • Dec. 13, 2021
Is the security of legacy IT providers prompting a confidence crisis?
Research commissioned by CrowdStrike found security professionals are losing confidence in providers like Microsoft amid the rise in supply chain attacks. Microsoft has thoughts.
By David Jones • Dec. 8, 2021
Tech adoption makes construction industry top target for cyberattacks
Companies like Shawmut emphasize strengthening security, as a new report finds that contractors are at high risk for ransomware and other threats.
By Sebastian Obando • Dec. 2, 2021
Gartner guidance moves away from prioritizing critical CVEs, focuses on exploitability
The analyst firm joined CISA in rethinking CVEs. Focusing on actively exploited vulnerabilities will exponentially improve security, a Gartner analyst said.
By Samantha Schwartz • Nov. 18, 2021
30K Microsoft Exchange Servers remain vulnerable to new tactics
Organizations have failed to patch widely exploited vulnerabilities, though patches were made available in the spring, Mandiant researchers found.
By David Jones • Nov. 18, 2021
A year after SolarWinds, third-party risk still threatens the software supply chain
Digital transformation requirements have pressured organizations to introduce risk into their environments through open source or commercially available software.
By David Jones • Nov. 12, 2021
CISA's vulnerability catalog is nice to have. But will it change how companies patch?
The agency is encouraging private entities and local governments to monitor the catalog, though its usefulness will depend on a company's resources.
By Samantha Schwartz • Nov. 8, 2021
Better security, access policies can combat cloud misconfigurations
Data disclosures from cloud misconfigurations are often the result of human error — but policies, not users, are to blame.
By Brian Eastwood • Nov. 4, 2021
CISA overhauls vulnerability management, focuses on CVEs under active exploit
The order is directed at all federal civilian agencies, "however, all organizations should adopt this directive and prioritize mitigating vulnerabilities listed on our public catalog," CISA Director Jen Easterly said.
By Samantha Schwartz • Nov. 3, 2021
Twitter eyes phishing deterrence with security key rollout
The employee multifactor upgrade follows a high-profile attack against celebrity users in 2020, but the social media company says improvements are still needed.
By David Jones • Oct. 29, 2021
Sponsored by Cybersource
How businesses are tackling fraud in a digital-first reality
With digital transactions and eCommerce continuing to grow in volume, successfully taking on fraud will require businesses to explore and rely on new tools and technologies.
Oct. 25, 2021
Supply chain attacks lift debate on how to manage software vulnerabilities
Researchers and developers dispute where responsibilities lie for early detection and how to manage disclosure to customers. The disagreement can allow vulnerabilities to linger.
By David Jones • Oct. 21, 2021
Users have bad security habits. What can businesses do?
"As strange as it sounds, in the case of a security incident in the enterprise, you can't blame the user," Bitdefender's Alex "Jay" Balan said.
By Samantha Schwartz • Oct. 14, 2021
Top global companies falling short in protecting domain security
Major brands leave themselves and their customers open to phishing attacks, ransomware and BEC due to inadequate measures.
By David Jones • Oct. 5, 2021
Threat actors more frequently — and successfully — target Active Directory
Attacks on AD played a prominent role during the high-profile SolarWinds campaign and LockBit 2.0 ransomware attacks.
By David Jones • Sept. 30, 2021
Timely patching remains pain point as high-profile bugs linger
Patches interfering with business productivity are more of a challenge for security teams.
By Samantha Schwartz • Sept. 29, 2021
How hackers are making the leap from cloud to the software build processes
The security problem with third-party container applications is not, however, indicative of infrastructure flaws.
By Samantha Schwartz • Sept. 28, 2021
Is there too much transparency in cybersecurity?
Between information sharing, software accountability, or incident response and disclosures, companies have to find the disclosure sweet spot.
By Samantha Schwartz • Sept. 21, 2021
Executives fail to make software supply chain security a priority, report finds
The disconnect between rhetoric and performance in the software development and security industries is part of an internal debate: Which sector should take the lead?
By David Jones • Sept. 14, 2021
Sponsored by Code42
The Great Resignation and the risk of data loss
The Great Resignation is upon us and with it comes data loss.
Sept. 13, 2021