Threat actors have exploited a vulnerability in Log4j software to wage a cyber-attack on Belgium’s Defense Ministry. The attack began on December 16 and was confirmed by Belgium’s Ministry of Defense on Monday.  Speaking to the AFP in Brussels on Tuesday, Belgian military spokesman Commander Olivier Séverin said that the incident had caused damage to services that were connected to the internet, paralyzing part of the ministry’s activities.  He added that five days after the attack began, analysis of the incident…

By Sean Duca, Regional CSO, JAPAC In the early spring of 2020, as the world shifted to work remotely, security models used by many organizations were put to the test. Remote work was not a new thing, but never before had it been needed at the same scale and urgency. While many organizations used to have some employees working remotely, few were ready for everyone to be remote. The big question facing all organizations was…

What Is This Report? The State of Hybrid Workforce Security 2021 report looks at how organizations are viewing the challenges and opportunities of hybrid work as the need for a long-term plan to enable secure hybrid work has become increasingly paramount. The independent third-party research firm ONR interviewed 3,000 enterprise IT professionals from around the world. The study included C-level executives as well as practitioners. Why Is It Important Now? With the onset of the…

Cybercrime officers in the United Kingdom have arrested two individuals employed by the National Health Service (NHS) in connection with an investigation into suspected fake COVID-19 vaccination records. The Metropolitan Police’s Cyber Crime Unit launched an investigation after suspicious vaccination records were flagged within the NHS Trust’s online electronic health records system.  On December 14, a 36-year-old man from Ilford, East London, was arrested on suspicion of unauthorized computer access and conspiracy to commit fraud by misrepresentation….

A three-hospital health system in West Virginia has become the victim of a business email compromise (BEC) scam that began with a phishing attack.  Monongalia Health System, Inc. (MHS) had no idea that its cybersecurity defenses had been penetrated until a vendor reported not receiving a payment from the healthcare provider on July 28, 2021.  An investigation was launched, which determined that threat actors had compromised several email accounts belonging to MHS employees between May…

Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote system. It is found in a heavily utilized java open-source logging framework known as log4j. The framework is widely used across millions of enterprise applications and therefore a lucrative target for threat actors to exploit. The availability of the POC exploit and ease of exploitation triggered the widespread exploitation attempts that we are now witnessing. CVE-2021-44228 –…