Tripwire’s December 2021 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Ubuntu Linux Kernel, and Microsoft. First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 “LogShell” remote code execution vulnerability. There are many attack vectors via various software applications due to Log4j2’s widespread usage in various products. Refer to https://logging.apache.org/log4j/2.x/security.html for more details. Next on the list are patches for Microsoft MSHTML (CVE-2021-40444)…

Companies today face increasing pressure to implement strong cybersecurity controls. While the U.S. has no comprehensive cybersecurity law, many organizations still fall under state, international, or industry regulations. Two of the most prominent controlling publications are the General Data Protection Regulation (GDPR), and the ISO 27701 standard.  One has the force of law, and the other is a guiding framework, respectively. Both of these documents apply to an increasing number of businesses. As the world…

One of the biggest problems with the IT / OT convergence in critical infrastructure is that much of the legacy hardware cannot simply be patched to an acceptable compliance level. Recently, Sean Tufts, the practice director for Industrial Control Systems (ICS) and Internet of Things (IoT) security at Optiv, offered his perspectives on where the industry has been, where it is going, and some of the progress being made to secure critical infrastructure. Phil Labas: Tell me…

By Jason Stirland, CTO at DeltaNet International According to research by Proofpoint, 75% of organizations around the world experienced a phishing attack in 2020, and 74% of attacks targeting US businesses were successful. Furthermore, a study by ENISA, found that 85% of the SMEs questioned agree that cybersecurity issues would have a detrimental impact on their businesses, with 57% saying they would go out of business if hit. The study also reveals that phishing attacks are the most common cyber incidents SMEs…

Evaluating, Benchmarking and Creating a Strategy By Justin Kohler, Director of BloodHound Enterprise, SpecterOps Over 90% of the Fortune 1000 use Microsoft Active Directory (AD) for identity and access management. This ubiquity makes AD a prime target for attackers because compromising it almost always gives them the access they need to achieve their goals. Additionally, attackers can compromise AD easily by manipulating common errors in user identity and privilege. Consider this scenario: An attacker gets…

CIO Middle East has compiled a list with some of the most important and exciting technology events in the region, curated especially for IT leaders working in private enterprise and public administrations. This list will be updated as more events are confirmed throughout the year. We recommend that you double-check the status of any in-person event you want to attend before committing to travel. Check back for for updates! January 2022 17-19 January: Future Sustainability…