{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

12/14/2021
linkedin facebook twitter instagram
WorkScoop
CISA's Jen Easterly doesn't mince words about the Log4j bug. The Pentagon explains how it deploys ad-blockers. And a DOD program is told to find better ways to evaluate itself. This is CyberScoop for Tuesday, December 14.

Log4j flaw could affect hundreds of millions of devices, CISA says

A vulnerability in a widely used logging library, Log4j, is likely to affect hundreds of millions of devices, CISA told industry leaders Monday. That and other factors ranks it among vulnerabilities as "one of the most serious I've seen in my career, if not the most serious," said CISA Director Jen Easterly. CISA expects various types of attackers to exploit it, from cryptominers to ransomware gangs to more "sophisticated actors." Eric Goldstein, another CISA official, said the vulnerability would "allow a remote attacker to easily take control of the system in which they exploit it." Tim Starks had it first.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


DOD spikes online ads over malvertising threat

The Pentagon told Sen. Ron Wyden, D-Ore., on Monday that it uses several kinds of technologies to block internet advertisements because of the threats that malicious ads present. The answers that DOD gave are similar to those of the intelligence community, and CISA earlier this year urged federal agencies to use ad-blockers because of malvertising, in which hackers infuse ads with malicious code. DOD also spelled out guidelines and defenses for mobile users and contractors in the letter to Wyden. Tim had the scoop on this one, too.


Watchdog points to metrics issues in Pentagon cyber program

The Defense Department lacks a framework for properly evaluating its contractor cybersecurity program, the Government Accountability Office says. In a new report, the congressional watchdog says the Cybersecurity Maturity Model Certification program still needs metrics and other means to measure successes and failures in its core mission of assessing how well contractors protect important data. The GAO also points to the program's communications with industry — a perennial compliant by trade groups. Jackson Barnett has more at FedScoop.


SPONSORED BY FORTINET

AI, supply chain and the maturation of cyberthreats

Recent supply chain attacks and data exposures have shown that cybercriminals are using more sophisticated attack methods, including AI tools and more modern social engineering techniques. Fortinet’s Jim Richberg looks at recent trends in cybercriminal activity and how public sector leaders can access funding to improve their security posture. Hear more from Richberg.


Tweet Of The Day

Image

We laugh to keep from crying.


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}