Monday, January 24, 2022

Defending from Within

Geo-political tension is metastasizing in cyberspace. Last week, CISA, the NSA and FBI issued an unprecedented advisory on imminent Russian cyberattack campaigns detailing the modus operandi of these groups. Destructive cyberattack campaigns are being spawned by Russian cyber-militias. Microsoft...

What’s New in the VMware Carbon Black Tech Zone: December 2021

The VMware Carbon Black Tech Zone allows you to explore our enterprise-class technical resources (demos, insights, release notes, best practices, overviews and more) that are organized and structured in easy-to-follow activity paths. Check out the latest news and insights in...

Demo: Mitigating Log4Shell (CVE-2021-44228) with NSX

This piece was authored by Stijn Vanveerdeghem An initial zero-day vulnerability (CVE-2021-44228), publicly released on 9 December 2021, and known as Log4j or Log4Shell, is actively being targeted in the wild. CVE-2021-44228 was assigned the highest “Critical” severity rating, a maximum risk score of 10. On Tuesday, December 14th, new guidance was issued and a new CVE-2021-45046. Originally scored...

Life Hacks for Cyber Defenders Needed Right Now

Sleep, it seems, is still considered the most discretionary of our biorhythms. Sleep has become that regular periodic activity that is our bank of “extra time” when the pressure’s on – or we want to grab some time for unwinding...

Protect your Kubernetes clusters against Log4shell

A zero-day vulnerability in the Apache Software Foundation Log4j component (CVE-2021-44228 & CVE-2021-45046), known as Log4j or Log4Shell, is actively being targeted in the wild. It has been assigned a the highest “Critical” severity rating with a risk score of 10 (the...

Securing the Future: Cybersecurity Predictions for 2022

Cybercrime is predicted to cost the world $10.5 trillion annually by 2025, up from $6 trillion in 20211. It’s no surprise then that global spending on cybersecurity products and services is expected to rise to $1.75 trillion from 2021...

Log in the Shell: An Analysis of Log4Shell Exploitation

This article was co-authored by Stefano Ortolani, Sebastiano Mariani, Jason Zhang, and Giovanni Vigna A zero-day vulnerability (CVE-2021-44228), publicly released on 9 December 2021 and known as Log4j or Log4Shell, is actively being targeted in the wild. CVE-2021-44228 has been...

Investigating CVE-2021-44228 Log4Shell Vulnerability

This article was co-written by Sanara Marsh, Dale McKay and Chad Skipper VMware Security Update on Investigating CVE-2021-44228 Log4Shell Vulnerability A zero-day vulnerability (CVE-2021-44228) publicly released on 9 December 2021, known as Log4j or Log4Shell, is actively being targeted in the wild.  This blog is intended to detail how VMware Security can help secure your environment. For information on product...

VMSA-2021-0028 & Log4j: What You Need to Know

VMware has released a new critical security advisory, VMSA-2021-0028, in response to the industry-wide issue regarding the open source Apache Software Foundation log4j Java logging component, which was discovered to have a critical vulnerability (CVE-2021-44228). Because the log4j component is...

Introducing Managed Detection and Response for Endpoints and Workloads

Today, Security Operations Center (SOC) teams are understaffed and overwhelmed by cyberattacks that are increasing in both volume and sophistication. Amid the rapidly evolving threat landscape, security teams are spending too much time monitoring and validating alerts instead of...

Digital Staph: Secondary Infections in Cyberspace

Secondary infections now surge in the digital environments of hospitals. Cybercriminals target the Healthcare and Public Health (HPH) Sector to infect systems with ransomware, notably Ryuk and Conti, for financial gain. Beginning last fall the Russian ransomware gang “Ryuk” targeted hundreds of...

TigerRAT – Advanced Adversaries on the Prowl

Summary On September 5th, 2021, the Korea Internet & Security Agency (KISA) released a report on a new threat they dubbed TigerRAT. The newly found malware shares similarities with malware previously reported by Kaspersky and Malwarebytes. Kaspersky has previously attributed...

VMware Carbon Black Tech Zone Demos: Explore our products and solutions

Looking to experience Carbon Black products or VMware security solutions? Visit the VMware Carbon Black Tech Zone for a complete repository of Carbon Black demonstrations. The Tech Zone covers everything to explore how VMware Carbon Black products and technologies can...

Public Policy: Strategies for Civilizing American Cyberspace

Ransomware attacks increased by over 200% in 2020, according to in-depth research by VMware. To address the global concern over ransomware, the White House held a virtual counter-ransomware initiative meeting in October with senior officials representing 30 countries. In my...

Empowering Customers with Simpler and Faster Security

As we approach the end of 2021, a year where cybersecurity has gone mainstream, we are taking a look at the resilience and industry leadership of our more than 30,000 customers. In our Global Security Insights Report 76% of...

Linux Servers at Risk of RCE Due to Critical CWP Bugs

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.

AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps

Enlarge (credit: Getty Images | zf L) AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...

Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open

New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.

DC, 3 States Sue Google Saying it Invades Users' Privacy

The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked. read more
Security Affairs

A flaw in Rust Programming language could allow to delete files and directories

The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity...