
12/15/2021
WorkScoop
CISA, Microsoft and others offer more insight about the Log4j bug. DHS sets up cash prizes for ethical hackers. And Symantec flags a suspected espionage campaign in the Middle East. This is CyberScoop for Wednesday, December 15.

Log4j presents some puzzles for CISA

CISA's Eric Goldstein says the agency wants help from the public in putting together a comprehensive list of all the products that might be susceptible to hackers using the Log4j vulnerability. While CISA hasn't seen evidence of any hackers exploiting it to compromise federal agencies or "national critical functions," the agency is worried that the ease of using exploits against the widely used logging library means big harm might yet result. "Our broad focus here is driving mitigation across the board, recognizing that malicious cyber actors of all types may decide to use this vulnerability to achieve a variety of attack types or drive a variety of malicious ends," Goldstein said. Tim Starks dives in.




Log4j vulnerability showing up in nation-state hacking ops

Hackers associated with the governments of China, Iran, North Korea and Turkey are trying to find ways to leverage the Apache Log4j vulnerability, experts warned Tuesday. The vulnerability puts hundreds of millions of devices at risk, the U.S. government says, making it a natural choice for government hacking operations. Analysts with Microsoft and cybersecurity firm Mandiant have seen Chinese and Iranian hacking groups use the vulnerability, while others have seen the vulnerability incorporated into ransomware and possibly a wiper. AJ Vicens reports.


'Hack DHS' bug bounty program en route

The Department of Homeland Security is set to pay ethical hackers $500 to $5,000 for identifying vulnerabilities in its systems. The "Hack DHS" bug bounty program will roll out in several phases over the current fiscal year, which began in October. The department joins a trend that began in 2016 with programs at the Pentagon and IRS. Tim has this one, too.


Suspected Mideast espionage campaign targets telecoms, IT firms

A string of telecommunications operators and IT service organizations in the Middle East and elsewhere in Asia have been the target of a coordinated hacking campaign over the last six months, according to research published Tuesday. The report from Symantec's Threat Hunter Team stopped short of any official attribution, but some evidence pointed to a possible link to a prolific Iranian-linked hacking group known as Seedworm or MuddyWater. AJ has more.


Grindr faces privacy punishment

Norway’s data protection agency is fining LGBTQ+ social app Grindr about $7 million for unlawfully disclosing personal data to third parties for marketing, data from which users' sexuality could have been inferred. The Norwegian DPA concluded that Grindr did not have proper consent mechanisms in place allowing users to specifically opt in to the sharing of their data for advertisements by third parties. Grindr officials say the company disagrees with the findings and is considering its right to appeal the ruling under European data protection regulations. Tonya Riley has the details.


SPONSORED BY DRAGOS

Using evolutionary game theory to mitigate ransomware risks

Ransomware attacks on enterprise IT systems disrupt the production and distribution of goods and services, and end up costing industries millions of dollars in total losses. A new report describes how IT security leaders can apply evolutionary game theory to quantify cyber risk in their complex environments and ultimately prevent attacks. Read the full report.


Tweet Of The Day


The metaverse is already here, for sure.

