CISA Issues Emergency Directive on Log4j

[TechWeb]( Follow Dark Reading: [RSS]( December 20, 2021 LATEST SECURITY NEWS & COMMENTARY [CISA Issues Emergency Directive on Log4j]( The Cybersecurity Infrastructure and Security Agency orders federal agencies to take actions to mitigate vulnerabilities to the Apache Log4j flaw and attacks exploiting it. [PseudoManuscrypt Malware Targeted Government & ICS Systems in 2021]( The "PseudoManuscrypt" operation infected some 35,000 computers with cyber-espionage malware and targeted computers in both government and private industry. [Meta Acts Against 7 Entities Found Spying on 50,000 Users]( The parent company of Facebook and Instagram has warned some 50,000 account holders they are targets of surveillance. [Is Data Security Worthless if the Data Life Cycle Lacks Clarity?]( If you cannot track, access, or audit data at every stage of the process, then you can't claim your data is secure. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Log4Shell: The Big Picture]( A look at why this is such a tricky vulnerability and why the industry response has been good, but not great. [Dear Congress: It's Complicated. Please Consider This When Crafting New Cybersecurity Legislation]( As mandatory reporting bills work their way through the halls of Congress, what should businesses do to prepare for this pending legislation? [MORE]( MORE ON LOG4J [Timely Questions for Log4j Response Now — And for the Future]( EXPERT INSIGHT: How to assess your exposure to the vulnerability with a combination of asset inventory, testing, solid information sources, and software bills of materials (SBOMs). [How Risky Is the Log4J Vulnerability?]( Security teams around the world are on high alert dealing with the Log4j vulnerability, but how risky is it, really? [Why Log4j Mitigation Is Fraught With Challenges]( The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization's own networks and systems. [Original Fix for Log4j Flaw Fails to Fully Protect Against DoS Attacks, Data Theft]( Organizations should upgrade ASAP to new version of logging framework released Tuesday by the Apache Foundation, security experts say. LATEST FROM THE EDGE [Executive Partnerships Are Critical for Cybersecurity Success]( One leader alone can't protect an organization from cyber threats, C-suite leaders agree. LATEST FROM DR TECHNOLOGY [Mobile App Developers Keep Fraudulent Traffic at Bay with Anti-Fraud API]( The new API and SDK from Pixalate helps mobile developers avoid getting their apps delisted from app stores by detecting and blocking fraudulent traffic. Tech Resources - [Zero Trust and the Power of Isolation for Threat Prevention]( - [Zero Trust in Real Life]( - [Protecting Your Mainframe Against Relentless Ransomware]( - [2021 Ransomware Threat Report]( - [Ransomware Protection Strategies: Cyber Hygiene for Digital Resilience]( - [New Uses for Amazon S3 are Creating Security Risks for Your Business. This is Why.]( - [The Five Phases of AWS Cloud Security Strategy]( [ACCESS TECH LIBRARY NOW]( - [Beyond Spam and Phishing: Emerging Email-based Threats]( Even as enterprises adopt real-time messaging tools and platforms, email remains the hub of enterprise communications. Adversaries are increasingly targeting the enterprise email inbox, and security teams need to look further than just spam and phishing attacks. In this webinar, ... - [Cloud Security Strategies for Today's Enterprises]( The typical enterprise relies on dozens, even hundreds, of cloud applications and services sprawled across different platforms and service providers. Security teams need to shoulder the responsibility of coordinating security and incident response and not leave it up to individual ... [MORE WEBINARS]( FEATURED REPORTS - [Zero Trust in Real Life]( - [10 Hot Talks From Black Hat USA 2021]( [MORE REPORTS]( CURRENT ISSUE [How Data Breaches Affect the Enterprise]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Cybereason Announces Availability of AI-Driven Cybereason XDR and EDR on Google Cloud Marketplace]( Cloud-native platform automates prevention, detection, and response to cyberattacks. [Ground Labs Research Reveals 71% of American Consumers are Unaware of Data Protection Laws]( [LastPass Announces New Integration with Google Workspace]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)