Considered one of the largest exploitable vulnerabilities in history, Log4Shell affects many as Log4J is one of the most extensively used logging libraries. An issue that has existed for almost a decade but just recently was discovered, Log4Shell leaves companies vulnerable to the full extent of these attacks. AT&T Alien Labs blogged about the vulnerability back in December 2021, with more technical detail. The AT&T Managed Vulnerability Program (MVP) team helps customers strengthen their cybersecurity posture and resiliency, leaving them better equipped for events like Log4Shell.
Surprising to many, third-party libraries are not solely IT problems but can also impact operational technology (OT) and is needed for many OT functions. Because of that the manufacturing and critical infrastructure community has needed to focus more on addressing threats as they emerge. The Log4J vulnerability and others like it are not going away on their own, so the MVP team is constantly testing, monitoring, and deploying to ensure correct steps are being taken to mitigate future attacks. AT&T MVP’s partner, Tenable, dives deeper in their blog,”5 Steps that the OT Community Should Take Right Now,” focusing on how OT groups avoid ramification, encouraging proactiveness like the solutions provided by AT&T MVP.
As high-stakes cryptocurrency and blockchain projects proliferate and soar in value, it’s no surprise that malicious actors were enticed to steal $14 billion in cryptocurrency during 2021 alone. The frantic pace of cryptocurrency thefts is continuing into 2022.
In January, thieves stole $30 million in currency from Crypto.com and $80 million in cryptocurrency from Qubit Finance. February started with the second-largest decentralize finance (DeFi) theft to date when a hacker exploited a token exchange bridge in Wormhole to steal $320 million worth of Ethereum.
As high-stakes cryptocurrency and blockchain projects proliferate and soar in value, it’s no surprise that malicious actors were enticed to steal $14 billion in cryptocurrency during 2021 alone. The frantic pace of cryptocurrency thefts is continuing into 2022.
In January, thieves stole $30 million in currency from Crypto.com and $80 million in cryptocurrency from Qubit Finance. February started with the second-largest decentralize finance (DeFi) theft to date when a hacker exploited a token exchange bridge in Wormhole to steal $320 million worth of Ethereum.
When the insider is the President of the United States, the mishandling and removal of information take on a different demeanor given the national security implications. The U.S. media has widely reported how the National Archives and Records Administration bird-dogged the return of missing presidential records, most recently 15 boxes of presidential papers that should have been directed to the National Archives when President Trump’s term ended on January 20, 2021.
It is alleged the 45th President of the United States directed the collection of materials to be placed into those boxes and forwarded to his Florida residence where they have sat for more than a year. It is also alleged that within some of these boxes were documents that carried the national security “secret” and “top secret” classifications.
How does Microsoft hope to defeat the macro terror? How is the UK Government trying to influence the public’s opinion on end-to-end encryption? And what is MoviePass hoping to do with your eyeballs?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.
