Botnet operators have launched DDoS attacks on devices that have not applied patches for two separate vulnerabilities, researchers say. One is a Mirai-based botnet dubbed Moobot, according to cybersecurity firm Fortinet, and the other is an unnamed Mirai-reminiscent botnet, according to Qrator Labs.
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.
Ultimate Kronos Group, a U.S.-based multinational firm that provides workforce management and human resource management systems, says that its private cloud service has fallen victim to a ransomware attack. An executive with the company says service restoration may take "several weeks."
Accenture's State of Cybersecurity Resilience 2021 study finds that 55% of large companies are not effectively stopping cyberattacks, finding and fixing breaches quickly, or reducing the impact of breaches. Ryan LaSalle of Accenture Security discusses how to increase cyber resiliency.
Multiple security researchers have spotted threat actors already exploiting the Apache Log4j vulnerability by deploying Muhstik and Mirai botnets to target Linux devices. Their advice: Ensure to remove any existing compromise before patching, and expect this flaw to be exploited for the long term.
A Russian national has been sentenced to 48 months in prison for aiding a botnet scheme that infected victims' devices with malicious Kelihos malware and ransomware, according to the U.S. Justice Department.
Indian Prime Minister Narendra Modi's official Twitter account was compromised - for the second time - as part of a cryptocurrency scam. The account was "immediately secured" by Twitter, according to a tweet by the PM’s Office. Cyberlaw experts discuss where the onus of protection lies.
The Biden administration has announced that the U.S. and several allies have aligned to create the Export Controls and Human Rights Initiative, which puts stricter criteria around the export of certain offensive cyber tools, particularly those that end up in the hands of authoritarian regimes.
Federal regulators are warning healthcare sector entities worldwide that an authentication vulnerability in a variety of Hillrom Welch Allyn cardio products, if exploited, could allow attackers access to privileged accounts. Why is the flaw so worrisome for some healthcare IT environments?
As of Dec. 13, the U.K. is facing a "tidal wave" of infections from the COVID-19 Omicron variant, and case numbers are rising in North America as well. What do health experts know so far about the spread and severity of Omicron infections? Pandemic expert Regina Phelps shares insights.
COVID-19 has been a game changer - not just in how government agencies deliver services, but in how fraudsters try sneaking illegal access to them. Ryan Schaller, senior CIAM developer specialist at Okta, discusses these new faces of fraud and what state and local governments can do to combat them.
In today's disparate IT environment, there are gaping, business critical gaps in enterprise log management. Graylog's Mark Brooks discusses the Log Management Maturity Model and the six (6) critical steps to move from "no alignment" to "continuous improvement."
For many security teams, it's been all hands on deck since the Apache Log4j zero day vulnerability recently came to light. Experts say the flaw may be the most serious security vulnerability to have emerged in years, and organizations are now racing to identify their exposure and defenses they can deploy.
A massive wave of ongoing attacks has been targeting more than 1.6 million WordPress sites, researchers at Wordfence say. So far, they've counted more than 13.7 million individual attacks in just 36 hours, focused on exploiting four different WordPress plug-ins and several Epsilon framework themes.
Researchers have developed and released an urgent "vaccine" for a zero-day vulnerability detected in the Java logging library Apache Log4j on Friday. It is reported that the vulnerability is being exploited by advanced persistent threat-level actors.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.