Make sure you’re up-to-date with Sonicwall SMA 100 VPN box patches – security hole exploit info is now out

Technical details and exploitation notes have been published for a remote-code-execution vulnerability in Sonicwall SMA 100 series VPN appliances. The information was released today by infosec outfit Rapid7. This comes about a month after Sonicwall issued a patch for the Read More …

FTC warns companies to remediate Log4j security vulnerability

Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a serious vulnerability in the popular Java logging package, Log4j (CVE-2021-44228) was disclosed, posing a severe Read More …

What the Rise in Cyber-Recon Means for Your Security Strategy

As we move into 2022, bad actors are ramping up their reconnaissance efforts to ensure more successful and more impactful cyberattacks. And that means more zero-day exploits are on the horizon. When seen through an attack chain such as the Read More …

Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

Since its disclosure on Dec. 9, a vast number of articles have been written on the remote code execution (RCE) vulnerability in the library Apache Log4j — a reflection of its impact. The library is used by innumerable programs to Read More …

Fulfilling Security Requirements for the Transportation Sector

Protecting our critical infrastructure against the threat of ransomware remains a top priority for both the private sector and the federal government. In fact, a recent survey from Tripwire found that security professionals in both sectors still identify ransomware as Read More …

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand Read More …

What to Do About Log4j

Log4j poses some deep challenges to IT. In this article I’ll discuss some tactical measures people are already taking now and over the next week or two, and some strategic guidance for what to do after the immediate crisis abates. Read More …

Readout Of CISA Call With Critical Infrastructure Partners On Log4j Vulnerabilities And The Need For Increased Vigilance This Holiday Season

WASHINGTON – This afternoon, the Cybersecurity and Infrastructure Security Agency (CISA) held a call with critical infrastructure entities from the public and private sectors to emphasize the importance of remaining vigilant against cyber threats over the holiday season, particularly with Read More …