Lights Out: Cyberattacks Shut Down Building Automation Systems

[TechWeb]( Follow Dark Reading: [RSS]( December 21, 2021 LATEST SECURITY NEWS & COMMENTARY [Lights Out: Cyberattacks Shut Down Building Automation Systems]( Security experts in Germany discover similar attacks that lock building engineering management firms out of the BASes they built and manage — by turning a security feature against them. [New Log4j Attack Vector Discovered]( Meanwhile, Apache Foundation releases third update to logging tool in 10 days to address yet another flaw. [Zero Trust Shouldn’t Mean Zero Trust in Employees]( Some think zero trust means you cannot or should not trust employees, an approach that misses the mark and sets up everyone for failure. [Russian National Extradited for Illegal Hacking & Trading]( Vladislav Klyushin was allegedly involved in a global operation to trade on nonpublic data stolen from US computer networks. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How Do I Find My Servers With the Log4j Vulnerability?]( This Tech Tip outlines how enterprises can use Canarytokens to find servers in their organization vulnerable to CVE-2021-44228. [Timely Questions for Log4j Response Now — And for the Future]( EXPERT INSIGHT: How to assess your exposure to the vulnerability with a combination of asset inventory, testing, solid information sources, and software bills of materials (SBOMs). [Log4Shell: The Big Picture]( A look at why this is such a tricky vulnerability and why the industry response has been good, but not great. [MORE]( EDITORS' CHOICE [CISA Issues Emergency Directive on Log4j]( The Cybersecurity Infrastructure and Security Agency orders federal agencies to take actions to mitigate vulnerabilities to the Apache Log4j flaw and attacks exploiting it. [Why Log4j Mitigation Is Fraught With Challenges]( The Log4j flaw exists in a component that is not always easy to detect and is widely used beyond an organization's own networks and systems. LATEST FROM THE EDGE [How Is Zero Trust Evolving to Be More Continuous in Verifying Trust?]( For zero trust to be successful, organizations need to be able to check user identity, device posture, and overall behavior without adding friction to the experience. LATEST FROM DR TECHNOLOGY [Darktrace's Dave Masson on Threats Against OT Networks]( The latest episode of Tech Talk outlines the risks against operational technology with the OT/IT convergence and shift to the cloud. Tech Resources - [Zero Trust and the Power of Isolation for Threat Prevention]( - [Zero Trust in Real Life]( - [Protecting Your Mainframe Against Relentless Ransomware]( - [2021 Ransomware Threat Report]( - [Safeguard Your Cloud Journey With A Comprehensive Security Solution]( - [Implementing XDR to Modernize Enterprise Security]( - [Secure Your Remote Workforce in the AWS Cloud]( [ACCESS TECH LIBRARY NOW]( - [Beyond Spam and Phishing: Emerging Email-based Threats]( Even as enterprises adopt real-time messaging tools and platforms, email remains the hub of enterprise communications. Adversaries are increasingly targeting the enterprise email inbox, and security teams need to look further than just spam and phishing attacks. In this webinar, ... - [Cloud Security Strategies for Today's Enterprises]( The typical enterprise relies on dozens, even hundreds, of cloud applications and services sprawled across different platforms and service providers. Security teams need to shoulder the responsibility of coordinating security and incident response and not leave it up to individual ... [MORE WEBINARS]( FEATURED REPORTS - [Zero Trust and the Power of Isolation for Threat Prevention]( - [Zero Trust in Real Life]( [MORE REPORTS]( CURRENT ISSUE [How Data Breaches Affect the Enterprise]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [SecurityScorecard Research Reveals Cyber Vulnerabilities Pose a Threat to U.S. Maritime Security]( [BlackBerry Launches New Managed Extended Detection and Response (XDR) Service]( [Trend Micro Crowns Champions of 2021 Capture the Flag Competition]( [Reblaze Appoints New CEO]( [Four Out of Five Organizations Are Increasing Cybersecurity Budgets for 2022]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)