Why Log4j Mitigation Is Fraught With Challenges

[TechWeb]( Follow Dark Reading: [RSS]( December 17, 2021 LATEST SECURITY NEWS & COMMENTARY [Why Log4j Mitigation Is Fraught With Challenges]( The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization's own networks and systems. [Phorpiex Botnet Variant Spread Across 96 Countries]( A new variant dubbed "Twizt" has hijacked 969 transactions and stolen the equivalent of nearly $500,000 USD. [Dear Congress: It's Complicated. Please Consider This When Crafting New Cybersecurity Legislation]( As mandatory reporting bills work their way through the halls of Congress, what should businesses do to prepare for this pending legislation? [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Microsoft Patches Zero-Day Spreading Emotet Malware]( The December rollout includes 67 security patches and addresses one zero-day and five more publicly known vulnerabilities. [NIST Cyber-Resiliency Framework Extended to Include Critical Infrastructure Controls]( The latest NIST publication outlines how organizations can build systems that can anticipate, withstand, recover from, and adapt to cyberattacks. [The Ransomware Payment Dilemma: Should Victims Pay or Not?]( It's time to steer the conversation away from whether payment bans should be implemented to how and when they should take effect. [MORE]( MORE ON LOG4J [Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft]( Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say. [Log4Shell: The Big Picture]( A look at why this is such a tricky vulnerability and why the industry response has been good, but not great. [Analysis: Log4j Vulnerability Highlights the Value of Defense-in-Depth, Accurate Inventory]( The early lessons from Log4j indicate that key security principles can help better handle these high-risk software supply chain security incidents if teams have proper support. [How Do I Find My Servers With the Log4j Vulnerability?]( This Tech Tip outlines how enterprises can use Canarytokens to find servers in their organization vulnerable to CVE-2021-44228. LATEST FROM THE EDGE [5 Ways to Keep Fraudsters at Bay Over the Holidays]( Organizations want to focus on customer satisfaction and increased revenues during the holiday shopping season. Here are some smart security and fraud protections to keep in mind. LATEST FROM DR TECHNOLOGY [Mobile App Developers Keep Fraudulent Traffic at Bay with Anti-Fraud API]( The new API and SDK from Pixalate helps mobile developers avoid getting their apps delisted from app stores by detecting and blocking fraudulent traffic. Tech Resources - [Zero Trust and the Power of Isolation for Threat Prevention]( - [Zero Trust in Real Life]( - [Protecting Your Mainframe Against Relentless Ransomware]( - [2021 Ransomware Threat Report]( - [Key Findings: ESG Endpoint Security Megatrends]( - [AWS S3 Usage & Cybersecurity Landscape]( - [Secure Your Remote Workforce in the AWS Cloud]( [ACCESS TECH LIBRARY NOW]( - [Beyond Spam and Phishing: Emerging Email-based Threats]( Even as enterprises adopt real-time messaging tools and platforms, email remains the hub of enterprise communications. Adversaries are increasingly targeting the enterprise email inbox, and security teams need to look further than just spam and phishing attacks. In this webinar, ... - [Cloud Security Strategies for Today's Enterprises]( The typical enterprise relies on dozens, even hundreds, of cloud applications and services sprawled across different platforms and service providers. Security teams need to shoulder the responsibility of coordinating security and incident response and not leave it up to individual ... [MORE WEBINARS]( FEATURED REPORTS - [10 Hot Talks From Black Hat USA 2021]( - [Enterprise Cybersecurity Plans in a Post-Pandemic World]( As the COVID-19 pandemic eases, IT security threats and the challenges involved in responding to them are trending upward. Security leaders expect that cyberattacks like ransomware, phishing, and malware will increase even as the pandemic eventually recedes. Download the Dark ... [MORE REPORTS]( CURRENT ISSUE [How Data Breaches Affect the Enterprise]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Cybereason Announces Availability of AI-Driven Cybereason XDR and EDR on Google Cloud Marketplace]( [Kroll Acquires Security Compass Advisory]( [Kryptowire Collaborates With Orange and Finds Vulnerabilities in Mobile Devices]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)