Our news
-
FTC to Go After Companies that Ignore Log4j
Companies that fail to protect secure consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned.
-
SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.
-
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.
-
Vulnerability Summary for the Week of December 27, 2021
Original release date: January 4, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were no high vulnerabilities recorded this week. Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — log4j Apache Log4j2 versions 2.0-beta7 through…
-
What the Rise in Cyber-Recon Means for Your Security Strategy
Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs.
-
APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution.
-
5 Cybersecurity Trends to Watch in 2022
Here’s what cybersecurity watchers want infosec pros to know heading into 2022.
-
2021 Wants Another Chance (A Lighter-Side Year in Review)
The year wasn’t ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.
-
That Toy You Got for Christmas Could Be Spying on You
Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.
-
Vulnerability Summary for the Week of December 20, 2021
Original release date: December 27, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — dimension Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context…