Search Results: Log4j

ProxyShell, Log4Shell Among Most Exploited Security Bugs

New cybersecurity trends report from Palo Alto Networks finds that attackers are quickly exploiting new vulnerabilities.

July 27, 2022 Zachary Comeau Leave a Comment

Updating systems and patching security vulnerabilities has always been a key part of the job for any IT or security professional, but a new report from cybersecurity giant Palo Alto Networks sheds new light on just how quickly threat actors are leveraging new vulnerabilities. The Santa Clara, Calif.-based security software provider’s Unit 42 Incident Response […]

Log4Shell Will Remain an Issue For a Decade

The Log4Shell bug will remain an issue for IT and security teams for possibly a decade or longer, says new Cyber Safety Review Board report.

July 25, 2022 Zachary Comeau Leave a Comment

The critical vulnerability discovered late last year in the popular Java logger Log4j will be impacting IT environments for years due to the difficulty in finding and remediating vulnerable instances of the tool, according to a new report from the U.S. Department of Homeland Security’s Cyber Safety Review Board. The board—established in the wake of […]

Microsoft Open Sources Salus SBOM Tool

Microsoft is open sourcing its SBOM tool Salus to help the IT industry better understand their dependencies on the software supply chain.

July 13, 2022 Zachary Comeau Leave a Comment

Microsoft is open sourcing its software bill of materials (SBOM) tool Salus to help the technology industry and IT decisionmakers better understand the security of their tools and their dependencies on the software supply chain. SBOMs have recently been given heightened importance after several high-profile cybersecurity flaws in popular software products have led to widespread […]

WatchGuard: Ransomware on Pace for Record Year

WatchGuard Technologies says ransomware detections doubled the total number of detections for all of 2021 in just the first quarter.

June 28, 2022 Zachary Comeau Leave a Comment

Despite increased law enforcement pressure on the ransomware industry and an IT community that has never been more aware of the ransomware threat, ransomware detections had already doubled the total number of detections for all of 2021 in just the first quarter, according to a new report from WatchGuard Technologies. The cybersecurity firm’s researchers say […]

Log4Shell Exploitation Continues, Agencies Warn

Multiple hacking groups are leveraging the vulnerability in the ubiquitous Log4J tool six months after it was first discovered, CISA says.

June 24, 2022 Zachary Comeau Leave a Comment

More than six months after the Log4Shell vulnerability was discovered in the widely used Java logger Log4j, cybersecurity agencies are warning of the continued exploitation of the bug in unpatched VMWare Horizon and Unified Access Gateway servers. The U.S. Cybersecurity and Infrastructure Agency (CISA), along with the U.S. Coast Guard Cyber Command (CGCYBER), say malicious […]

SentinelOne Unveils Singularity Vulnerability Mapping for Autonomous Vulnerability Assessment and Remediation

June 7, 2022 TechDecisions Staff Leave a Comment

AI-Powered Vulnerability Assessment, Prioritization, and Remediation Reduces Enterprise Risk MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced Singularity Vulnerability Mapping, delivering vulnerability assessment, prioritization and remediation at machine speed. Singularity Vulnerability Mapping leverages Ivanti’s unified IT platform and SentinelOne’s Singularity XDR to provide security teams with autonomous scanning capabilities to […]

Should Log4Shell Still Keep CISOs Up at Night?

Invicti's Dan Murphy explains why CISOs shouldn't be worried about Log4Shell's impact, months after the Log4j threat.

June 7, 2022 Dan Murphy Leave a Comment

In December 2021, the Apache Software Foundation disclosed that the popular Log4j framework contained a critical vulnerability that allowed remote code execution (RCE).  It caused a security earthquake, keeping many CISOs up at night. The aftershocks are still felt. The vulnerability, known as Log4Shell, was extremely easy to exploit. Put simply, it allowed any malicious […]

K2 Cyber Security Wins Global InfoSec Award for “Hot Company in Application Vulnerability Detection” at RSA Conference 2022

June 7, 2022 TechDecisions Staff Leave a Comment

SAN JOSE, Calif.–(BUSINESS WIRE)–K2 Cyber Security, pioneer of the next generation in application security, today announced that the Company has been recognized by Cyber Defense Magazine as a “Hot Company in Application Vulnerability Detection.” The K2 Security Platform offers a breakthrough solution to improve application vulnerability detection and remediation during both pre-production testing and application […]

MITRE’s New “System of Trust” Protects Vulnerable Supply Chains

June 6, 2022 TechDecisions Staff Leave a Comment

SAN FRANCISCO–(BUSINESS WIRE)–Tomorrow at the RSA 2022 Conference, MITRE will unveil its new “System of Trust,” a framework to provide a comprehensive, community-driven, knowledge base of supply chain security risks and a customizable, security-risk assessment process for use by any organization within the supply chain ecosystem. For the first time, there’s a free and open […]

Static SBOMs vs Dynamic SBOMs

While more organizations recognize that they need an SBOM, dynamic SBOMS are far superior than static ones.

June 6, 2022 Liran Tancman Leave a Comment

Since the federal government mandate calling for the creation of a software bill of materials (SBOM) to avoid the next SolarWinds or Log4j exposures, software providers have been scrambling to figure out how to create SBOMs that are both effective and dynamic, given that software changes over time. Bills of material have long been standard […]