Hackers are continuing to leverage the Log4Shell vulnerability to attack VMware Horizon servers and deploy cryptocurrency mining malware and backdoors, with a large wave of such attacks from mid-January still ongoing, according to cybersecurity firm Sophos. In a new report, Sophos says the attempts to leverage Horizon continued and grew in number throughout January and […]
More than two months after the Log4j vulnerabilities known as Log4Shell were discovered, 30% of Log4j instances remain vulnerable for hackers to exploit and take control of affected systems, according to cybersecurity firm Qualys. The company indexed more than 10 trillion data points across its installed enterprise customer base and completed six billion IP scans […]
Security and risk management leaders must evolve their strategies to protect their organization’s expanding digital footprint against new and emerging threats in 2022 and beyond, according to Gartner. The research firm has identified seven security and risk management trends leaders should know: Trend #1: Attack Surface Expansion Enterprise attacks are expanding and so are risks […]
Google says there are as many as 400,000 scans for Log4j vulnerabilities against Google Cloud each day, suggesting that IT professionals need to continue to be vigilant and ensure that they remediate vulnerable systems. The claim comes in Google’s Threat Horizons Executive Snapshot this month, a quarterly report from the company’s Cybersecurity Action Team. Google […]
After the Log4j vulnerabilities threw a wrench into the holiday plans of IT and cybersecurity folks last month, the federal government has taken swift action to address the issue, including instructing federal agencies to quickly patch and mitigate the vulnerability and making other resources available to the larger IT community. Now, the issue has been […]
The IT and cybersecurity community sounded the alarm last month when researchers discovered vulnerabilities in Log4j, the ubiquitous java logger used by a wide range of tech products. The tool has been patched and vendors are quickly deploying its own patches for products that use the tool, but the situation is not getting much better […]
Just days into the new year and the cybersecurity community is already playing catch up thanks to the recent Log4j vulnerability which illuminated major setbacks in how organizations deal with its own software and open-source packages on which its relies on. In particular, organizations have been caught off guard in auditing its own systems, giving […]
IT and security professionals should continue to be vigilant and look for signs of vulnerable versions of Log4j as exploitation attempts stretch into a second month, Microsoft warns. According to an update to a running Microsoft security blog on the issue, sophisticated threat actors like nation-state groups and others are rolling Log4J exploitations into its […]
Just in time for the holidays, the Log4j vulnerabilities sent IT and security teams into a panic earlier this month. The Apache Foundation has since fixed the bugs and issued patches, so the onus is now on software developers and administrators to patch software and apply the fixes. Since Log4j is a hugely popular Java […]
Multiple governments have released a long list of IT vendors and their products that are impacted by the Log4j vulnerability, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Dutch National Cyber Security Centrum (NCSC) The two agencies are maintaining running lists of vendors impacted by the vulnerability on their respective GitHub repositories, […]
FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets
View all Guides
Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.
Enter Today!