The Latest on Log4J

[TechWeb]( Follow Dark Reading: [RSS]( December 16, 2021 LATEST SECURITY NEWS & COMMENTARY [Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft]( Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say. [Attackers Target Log4J to Drop Ransomware, Web Shells, Backdoors]( Amid the increase in Log4J attack activity, at least one Iranian state-backed threat group is preparing to target the vulnerability, experts say. [40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j]( More than 60 variants of the original exploit were introduced over the last day alone. [What to Do While Waiting for the Log4J Updates]( This Tech Tip outlines how enterprise defenders can mitigate the risks of the Log4j vulnerabilities for the short-term while waiting for updates. [Security Experts Sound Alarm on Zero-Day in Widely Used Log4j Tool]( A remote code execution vulnerability in Log4j presents a bigger threat to organizations than even the infamous 2017 Apache Struts vulnerability that felled Equifax, they say. [Microsoft Patches Zero-Day Spreading Emotet Malware]( The December rollout includes 67 security patches and addresses one zero-day and five more publicly known vulnerabilities. [Emotet Is Back and More Dangerous Than Before]( Volume of traffic associated with the malware is now back at 50% of the volume before law enforcement took the botnet operation down in January 2021, security vendor says. [Lack of Patching Leaves 300,000 Routers at Risk for Attack]( A significant percentage of the 2 million consumer and small-business routers produced by a Latvian firm are vulnerable and being used by attackers, a security firm says. [Kronos Suffers Ransomware Attack, Expects Full Restoration to Take 'Weeks']( Customers advised to adopt alternative internal processes to support the affected human resources services. [Name That Toon: Modern-Day Frosty]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Why Cloud Storage Isn't Immune to Ransomware]( Cloud security is a shared responsibility. which sometimes leads to security gaps and complexity in risk management. [Why the Private Sector Is Key to Stopping Russian Hacking Group APT29]( Left unchecked, these attacks could have devastating effects on government and military secrets and jeopardize the software supply chain and the global economy. [Privacy and Safety Issues With Facebook's New 'Metaventure']( With access to a user's 3D model and full-body digital tracking, attackers can recreate the perfect replica of a C-level executive to trick employees. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Combat Misinformation by Getting Back to Security Basics]( One volley of fake news may land, but properly trained AI can shut down similar attempts at their sources. [10 Stocking Stuffers for Security Geeks]( Check out our list of gifts with a big impact for hackers and other techie security professionals. [MORE]( EDITORS' CHOICE [Dark Reading Reflects on a Legacy and Life Well-Written: Tim Wilson]( The Dark Reading editorial team, along with contributing writers and editors, share their favorite stories and memories of co-founder and editor-in-chief Tim Wilson, an influential editor and well-respected thought leader in the cybersecurity industry. LATEST FROM DR TECHNOLOGY [How Do I Find My Servers With the Log4j Vulnerability?]( This Tech Tip outlines how enterprises can use Canarytokens to find servers in their organization vulnerable to CVE-2021-44228. LATEST FROM THE EDGE [Why Red Teaming While Black Can Be Risky]( Penetration audits can be dangerous for people of color. Here is how to keep Black and brown cybersecurity professionals safe during red team engagements. Tech Resources - [Zero Trust and the Power of Isolation for Threat Prevention]( - [Zero Trust in Real Life]( - [Protecting Your Mainframe Against Relentless Ransomware]( - [2021 Ransomware Threat Report]( - [Ransomware Protection Strategies: Cyber Hygiene for Digital Resilience]( - [Cloud Security is Much More than Prevention and Compliance]( - [Automation And Unification Enable A Cohesive Attack Surface Defense]( [ACCESS TECH LIBRARY NOW]( - [Beyond Spam and Phishing: Emerging Email-based Threats]( Even as enterprises adopt real-time messaging tools and platforms, email remains the hub of enterprise communications. Adversaries are increasingly targeting the enterprise email inbox, and security teams need to look further than just spam and phishing attacks. In this webinar, ... - [Cloud Security Strategies for Today's Enterprises]( The typical enterprise relies on dozens, even hundreds, of cloud applications and services sprawled across different platforms and service providers. Security teams need to shoulder the responsibility of coordinating security and incident response and not leave it up to individual ... [MORE WEBINARS]( FEATURED REPORTS - [Zero Trust in Real Life]( - [10 Hot Talks From Black Hat USA 2021]( [MORE REPORTS]( CURRENT ISSUE [How Data Breaches Affect the Enterprise]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Cybereason Announces Availability of AI-Driven Cybereason XDR and EDR on Google Cloud Marketplace]( [Kroll Acquires Security Compass Advisory]( [Kryptowire Collaborates With Orange and Finds Vulnerabilities in Mobile Devices]( [Tufin Introduces Security Policy Builder (SPB) App to Marketplace]( [Ground Labs Research Reveals 71% of American Consumers are Unaware of Data Protection Laws]( [Darktrace Reports Information Technology and Communications Sector Most Targeted by Cyberattackers in 2021]( [Broadcom Inc. Announces $10 Billion Share Repurchase Authorization]( [Kaspersky Opens Doors to New Transparency Center in North America]( [LastPass Announces New Integration with Google Workspace]( [The Executive Women's Forum on Information Security, Risk Management & Privacy Presents the Leadership Scholarship]( [MORE PRODUCTS & RELEASES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)