Week in review: Log4Shell updates, Kronos ransomware attack, unused identities threat


Here’s an overview of some of last week’s most interesting news, articles and interviews:

Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations
Due to the extraordinarily widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished.

The Log4j JNDI attack and how to prevent it
The disclosure of the critical Log4Shell (CVE-2021-44228) vulnerability and the release of first one and then additional PoC exploits has been an unwelcome surprise for the entire information security community, but most of all for those who are tasked with keeping enterprise systems and networks secure.

Ransomware hits HR solutions provider Kronos, locking customers out of vital services
The end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group (UKG), one of the biggest HR and workforce management solutions providers in the US.

Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)
Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing…
