Author: Admin

Authored by: Gary Miliefsky of Cyber Defense Magazine Deep fake, dropped USB sticks, free offers, vishing, smishing and deep phishing attacks, smart-everything (weak IoT devices), malicious apps, driveby malware, distributed denial of service attacks and so much more abound in our world – my team and yours is bombarded with this garbage, on a daily basis.  There is one purpose – steal data.  They want identities and they want money.  It’s that simple.  If we…

Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could allow hackers to compromise or take control of servers that run them.   Just as reported by the developers of the popular Minecraft game, this flaw potentially affects servers that run Twitter, Apple’s iCloud, the Steam gaming platform, and a growing number of others that may be vulnerable.  One research group has dubbed the vulnerability as “Log4Shell,” and the name appears to be sticking. It involves a widely used software used to log information on servers. This software is open…

Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could allow hackers to compromise or take control of servers that run them.   Just as reported by the developers of the popular Minecraft game, this flaw potentially affects servers that run Twitter, Apple’s iCloud, the Steam gaming platform, and a growing number of others that may be vulnerable.  One research group has dubbed the vulnerability as “Log4Shell,” and the name appears to be sticking. It involves a widely used software used to log information on servers. This software is open…

Overview: On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache Log4J logging library. The bug was originally disclosed to Apache on November 24th by Chen Zhaojun of Alibaba Cloud Security Team. The impact of this vulnerability has the potential to be massive due to its effect on any product which has integrated the log4j library into its applications. This includes products from internet giants such…

A cyber-attack has been carried out against major German logistics provider Hellmann Worldwide Logistics.  The security incident forced Hellmann to take its central data center offline yesterday. Today, operations at the Osnabrück-based company remain disrupted.  Hellmann said that since the attack was discovered, it has been under the constant observation of its Global Crisis Taskforce, which is analyzing the incident. The company has also hired “external renowned security specialists” to investigate the attack. “As a precautionary…

Critical vulnerability in the popular logging library, Log4j 2, impacts a number of services and applications, including Minecraft, Steam and Apple iCloud. Attackers have begun actively scanning for and attempting to exploit the flaw. Background On December 9, researchers published proof-of-concept (PoC) exploit code for a critical vulnerability in Apache Log4j 2, a Java logging library used by a number of applications and services including but not limited to: Dubbed Log4Shell by researchers, the origin…

HackerOne reports that hackers are reporting more bugs and earning bigger bounties, but is an increase in testing or an increase in software vulnerabilities the cause of the jump? He just wants to help you find your bugs. Image: Shutterstock/Krakenimages.com Bug bounty hub HackerOne has announced that its user base of freelance bounty-hunting hackers have reported a whopping 66,000+ verified vulnerabilities in 2021, a 20% increase over last year’s total. What, exactly, could be going…

Research from Kaspersky finds that a quarter of phishing sites are gone within 13 hours — how in the world can we catch and stop cyber criminals that move so quickly? Image: Vladimir Obradovic, Getty Images/iStockphoto Research from cybersecurity firm Kaspersky has found that most phishing websites vanish or go inactive within days, giving us yet another reason to fear phishing: It’s fly-by-night, hard to track and happens in a flash.  Kaspersky’s in-depth analysis of…

The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. A flash alert published by the FBI has reported that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. “The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the…