Log4j Attack Surface Remains Massive

Four months after the Log4Shell vulnerability was disclosed, most affected open source components remain unpatched, and companies continue to use vulnerable versions of the logging tool. [TechWeb]( Follow Dark Reading: [RSS]( April 27, 2022 LATEST SECURITY NEWS & COMMENTARY [Log4j Attack Surface Remains Massive]( Four months after the Log4Shell vulnerability was disclosed, most affected open source components remain unpatched, and companies continue to use vulnerable versions of the logging tool. [API Attacks Soar Amid the Growing Application Surface Area]( With Web application programming interface (API) traffic growing quickly, the average cloud-focused company sees three times more attacks. [Cyber Conflict Overshadowed a Major Government Ransomware Alert]( The FBI warns that ransomware targets are no longer predictably the biggest, richest organizations, and that attackers have leveled up to victimize organizations of all sizes. [CISA Taps Veteran CISO Bob Lord for Technical Adviser Role]( Lord previously spearheaded security for the Democratic National Committee and held leadership roles at companies including Yahoo, Rapid7, and Twitter. [Tenable Acquires External Attack Surface Management Vendor for $44.5M]( Acquisition will add Internet-facing attack surface mapping and monitoring to Tenable's internal asset management products. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [6 Malware Tools Designed to Disrupt Industrial Control Systems (ICS)]( Stuxnet was the first known malware built to attack operational technology environment. Since then, there have been several others. [Overlapping ICS/OT Mandates Distract From Threat Detection and Response]( It's time for regulators of critical infrastructure — including industrial control systems and operational technology — to focus more on operational resiliency. [Zero-Day Exploit Use Exploded in 2021]( Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows. [MORE]( EDITORS' CHOICE [Iranian Hacking Group Among Those Exploiting Recently Disclosed VMware RCE Flaw]( Threat actor is using the flaw to deliver Core Impact backdoor on vulnerable systems, security vendor says. LATEST FROM THE EDGE [How Do I Report My Security Program's ROI?]( If security leaders focus on visibility and metrics, they can demonstrate their programs' value to company leadership and boards. LATEST FROM DR TECHNOLOGY [The Ins and Outs of Secure Infrastructure as Code]( The move to IaC has its challenges but done right can fundamentally improve an organization's overall security posture. Tech Resources - [Improving Operations with AI-Assisted Cybersecurity]( - [Unlocking Human Potential in SOC Teams With AI-Assisted Cybersecurity]( - [Get the Gartner Report: SOC Model Guide]( - [The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage]( - [Identity Access Management 101]( - [2021 Gartner Market Guide for Managed Detection and Response Report]( - [Cortex XSOAR - The Essential Guide to Phishing Investigation and Response]( [ACCESS TECH LIBRARY NOW]( - [Building Security Into the Application Development Lifecycle]( Trying to fix security issues in software just before it goes into production or after it is released is difficult, time-consuming, and expensive. But how do you shift security left - to bring security earlier into the software development lifecycle? ... - [Incorporating a Prevention Mindset into Threat Detection and Response]( Cybercriminals are becoming more sophisticated and their attacks are increasingly difficult to detect. While threat detection and response is a critical component of enterprise security defense, activities geared towards prevention could save security teams a lot of time and resources ... [MORE WEBINARS]( FEATURED REPORTS - [Rethinking Endpoint Security in a Pandemic and Beyond]( IT security teams are expending the concept of "endpoint security" as companies adjust to a distributed workforce. How much responsibility will enterprise IT take for the security of personal devices such as printers. How will they manage identities across multiple ... - [How Data Breaches Affect the Enterprise]( Many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download this report to delve more into this timely topic. [MORE REPORTS]( CURRENT ISSUE [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Introducing Apostro: A Risk Management Platform for Web3 Security]( [SecurityScorecard Launches Cyber Risk Quantification Portfolio]( [Mastercard Launches Next-Generation Identity Technology with Microsoft]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)