by Paul Ducklin
Java programmers love string interpolation features.
If you’re not a coder, you’re probably confused by the word “interpolation” here, because it’s been borrowed as...
by Paul Ducklin
Remember Log4Shell?
It was a dangerous bug in a popular open-source Java programming toolkit called Log4j, short for “Logging for Java”, published by the...
A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware.
Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to its heavy reliance on tunneling tools, with tactics that overlap those of a broader group tracked under the moniker Phosphorus
It's time for a reset with the board of directors. Very few have a dedicated, board-level cybersecurity committee, which means cybersecurity isn't viewed as a critical executive function.
Password-guessing became last year's weapon of choice, as attackers attempted to brute-force vulnerable Remote Desktop Protocol (RDP) servers, SQL databases, and SMB file shares.