With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job

Vulnerabilities like Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation.

Rapid Response — by Both Security Teams and Hackers

What made this exposure so damaging was how widespread this piece of […]

The post With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job appeared first on Security Intelligence.

Log4j Forever Changed What (Some) Cyber Pros Think About OSS

In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath of applications and services. Nearly anything from popular consumer and enterprise platforms to critical infrastructure […]

The post Log4j Forever Changed What (Some) Cyber Pros Think About OSS appeared first on Security Intelligence.

Open source code for commercial software applications is ubiquitous, but so is the risk

As the SolarWinds and Log4j hacks show, vulnerabilities in open source software used in application development can open doors for attackers with vast consequences. A new study looks at the open source community’s efforts to “credit-rate” the risk.
The…

DHS Cyber Safety Review Board to focus on Lapsus$ hackers

DHS officials said Lapsus$ is the perfect target for the next CSRB report and described the hacking group’s hacks as “ongoing.”

The post DHS Cyber Safety Review Board to focus on Lapsus$ hackers appeared first on CyberScoop.

Following Log4j: Supporting the developer community to secure IT

How bad was the Log4j vulnerability for open source’s reputation? One of the most high-profile exploits in recent years, it even led to a government advisory from the UK’s National Cyber Security Center being issued after Iranian state hackers took adv…

Chinese state-sponsored hackers have become more brazen, prompting an NSA advisory

Chinese hackers have become increasingly brazen and are investing more time in stealing intellectual property and breaking into sensitive networks, according to National Security Agency cyber chief Rob Joyce.

The post Chinese state-sponsored hackers have become more brazen, prompting an NSA advisory appeared first on CyberScoop.

China could be reviewing security bugs before tech companies issue patches, DHS official says

This could give Beijing the upper hand when carrying out cyberattacks against the U.S. or its other digital adversaries.

The post China could be reviewing security bugs before tech companies issue patches, DHS official says appeared first on CyberScoop.