How can SMBs extend their SecOps capabilities without adding headcount?

Which is more important for achieving organizational cybersecurity: security products or security people? The right answer to this (trick) question is that both are equally important. But while cybersecurity budgets are rising, most small and some midsize organizations looking to employ skilled cybersecurity professionals are often unable to match salaries offered by big enterprises in […]

Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)

It’s the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability (CVE-2021-43890) actively exploited to deliver the Emotet/Trickbot/Bazaloader malware family. Vulnerabilities of note in this patch batch: Of the 67 CVE-numbered flaws, CVE-2021-43890 – a Windows AppX Installer spoofing vulnerability – will, understandably, be a patching priority. “CVE-2021-43890 […]

Ransomware hits HR solutions provider Kronos, locking customers out of vital services

The end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group (UKG), one of the biggest HR and workforce management solutions providers in the US. Many organizations use Kronos for organizing workers’ schedules, tracking vacations, processing payroll and […]

Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterprise applications out there. The existence of the vulnerability and the public release of PoCs exploiting it have made this weekend a […]
