My TechDecisions

Search Results: Log4j

Log4j, Older Vulnerabilities, CISA KEV

Malware Developers Are Targeting These 10 2021 Security Bugs

Research from Skybox Security finds that security 2021 bugs in Log4j and Exchange Server are the most targeted by malware developers.

April 13, 2022 Zachary Comeau Leave a Comment

Security analysts at Skybox Security uncovered a 42% increase in new ransomware programs targeting known vulnerabilities last year, including critical vulnerabilities discovered in Log4j and Exchange Server. The San Jose, Calif. cybersecurity company’s 2022 Vulnerability and Trends Report, released this week, details how quickly hackers capitalize on new security bugs and continue to reduce the […]

Read More
Log4j, Older Vulnerabilities, CISA KEV

Supply Chain Attacks Jump 51% In Second Half of 2021

Malicious actors are increasingly attacking the software supply chain, leading to renewed calls for supplier transparency.

April 12, 2022 Zachary Comeau Leave a Comment

Recent IT supply chain attacks such as the SolarWinds compromise, ransomware campaign that leveraged the Kaseya VSA platform or mass exploitation of the Log4j vulnerabilities have renewed focus on such attacks, which NCC Group says increased by 51% in the last half of 2021. The consulting and managed services firm’s global survey of 1,400 cybersecurity […]

Read More
Tenable Splunk

What We Know So Far About Spring4Shell

A vulnerability in the widely used Spring Framework for Java is causing alarm in the IT community, but it's not Log4Shell just yet.

April 5, 2022 Zachary Comeau Leave a Comment

The information technology and cybersecurity communities are still assessing the impact of Spring4Shell, a remote code execution vulnerability recently disclosed in the Spring Framework for Java that could allow for remote code execution in vulnerable installations. While exploit attempts have not yet been widespread, there is a simmering concern that this bug could be nearly […]

Read More
Vulnerability Scanning

The Key Components of a Vulnerability Scanning & Management Program

Identifying security bugs and developing a robust vulnerability scanning and patching program should be a core duty of any IT team.

March 31, 2022 Zachary Comeau Leave a Comment

With thousands of new software vulnerabilities to protect against each year, it is critical that organizations develop a robust vulnerability management program that can quickly identify and remediate vulnerabilities in IT environments. Issues like Log4Shell, PrintNightmare, ProxyLogon and dozens of other critical vulnerabilities in widely used systems have kept IT departments up at night as […]

Read More
Log4Shell, Log4j, CVE-2021-44228

VMware Horizon Servers Still Under Log4Shell Attacks

Hackers are still using the Log4Shell exploit to attack VMware Horizon servers and deploy cryptominers and backdoors, according to Sophos.

March 29, 2022 Zachary Comeau Leave a Comment

Hackers are continuing to leverage the Log4Shell vulnerability to attack VMware Horizon servers and deploy cryptocurrency mining malware and backdoors, with a large wave of such attacks from mid-January still ongoing, according to cybersecurity firm Sophos. In a new report, Sophos says the attempts to leverage Horizon continued and grew in number throughout January and […]

Read More

Fastly Only Vendor Named Gartner Peer Insights™ Customers’ Choice for Web Application and API Protection for Four Consecutive Years

March 23, 2022 TechDecisions Staff Leave a Comment

Highest-rated amongst customers who have purchased, implemented, and used a WAF, with an average rating of 4.9 out of 5 stars SAN FRANCISCO–(BUSINESS WIRE)–Fastly, Inc. (NYSE: FSLY), today announced it was named a March 2022 Gartner Peer Insights Customers’ Choice for Web Application and API Protection (WAAP) for the fourth consecutive year. In a review […]

Read More
SBOMs

What Needs To Be In An SBOM?

With cybercriminals increasingly leveraging the software supply chain, SBOMs are becoming an important tool. This is what they need to include.

March 15, 2022 Zachary Comeau Leave a Comment

When alleged Russian hackers compromised the SolarWinds Orion platform to spy on U.S. agencies and other high-profile entities, the tech industry renewed its call for the adoption of software bills of materials (SBOM) — an inventory of components that make up the final product. Advocates say that will help give IT and cybersecurity professionals the […]

Read More
Cybersecurity testing, penetration testing, cyber threats

Study: It Takes Over Three Months For Cybersecurity Teams to Adopt New Skills

Cybersecurity teams tasked with defending against emerging threats are taking too long to adopt necessary skills, Immersive Labs report says.

March 10, 2022 Zachary Comeau Leave a Comment

With today’s cybersecurity attacks rapidly escalating to never-before-seen proportions and new threats constantly emerging, IT and cybersecurity professionals should be able to quickly pivot and develop the knowledge and skills to defend against these threats. However, a new study suggests that it takes more than three months for that to happen. According to cybersecurity firm […]

Read More
Drata Risk Management

7 Security & Risk Management Trends IT Leaders Should Know

Security leaders must evolve their strategies to protect their organization's digital footprint against these emerging trends.

March 9, 2022 TD Staff Leave a Comment

Security and risk management leaders must evolve their strategies to protect their organization’s expanding digital footprint against new and emerging threats in 2022 and beyond, according to Gartner. The research firm has identified seven security and risk management trends leaders should know: Trend #1: Attack Surface Expansion Enterprise attacks are expanding and so are risks […]

Read More