Connect with Log4j Madness Others


Sounds like the world has many Pandora boxes open at the same time right now. Last week another problem arose and reveal the risk in the Apache Log4j pricing library. Since then, system administrators, response officers, and governments have worked hard to establish patches and reduce risk. This problem is easy for attackers to use and can lead to complete server hijacking. Patching is on the rise, but Apache needs to release some updates that need to be implemented. After initial investigations and seizures by international militants, the security guards are waiting for the next wave of violence. And they say that insecure systems will remain in the network for years, just waiting to be recognized and used.

In the meantime, researchers have set up a job screening business this week as Meta lowered the base on its platforms from seven companies that targeted more than 50,000 users and others. And Google’s Zero Project Zero reviewed the technical expertise of NSO Group’s ForcedEntry iOS exploit, an emphasis. how advanced the tools of a special group can be. WIRED also looked at ways to grow the world’s largest deepfake harassment site which uses AI to create fake images.

With all the scams and scams floating, check it out WIRED guidelines for preventing “smishing” or a secret SMS attack sent by anyone from the most elite hackers to the pursuit of spammers.

And there is more. Each week we report on all WIRED security issues that are not detailed. Click on the headings to read all the articles.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an emergency law on Friday requiring all government agencies to review their systems and implement Log4j vulnerabilities and mitigation measures by December 23. 28 the names and types of all their affected machines and the security measures they have put in place for each use.

“CISA has determined that this insecurity poses a serious risk to the Federal Civilian Executive Branch and requires immediate action,” CISA wrote in the statement. “This assertion stems from the use of these risk threats by wildlife threats, the potential for reuse of the risk, the amount of programs involved in state-owned enterprises, and the potential for disrupting institutional information systems.”

The Patent Office and Trademark took the opportunity to outsource its offline machines for 12 hours from Wednesday night as a precautionary measure in response to Log4j’s insecurity. CISA states that there is no log4j affiliation for private networks and that there are currently no other law enforcement agencies such as the Patent Office. But a temporary drop indicates the high risk and speed of the patch. Secretary of Homeland Security Alejandro Mayorkas said Thursday that he was “deeply concerned” about the threat.

After a month-long investigation by Reveal from the Center for Investigative Reporting by WIRED, lawmakers have asked the Federal Trade Commission to investigate Amazon data protection and federal privacy law. The WIRED and Reveal report shows that Amazon allowed more employees to look at customers as they would like, and that the Chinese data company may have gained access to information for millions of customers, among others. Amazon says the incident does not reflect what is happening. But senators Ron Wyden (D-OR) and Jon Tester (D-MT), along with several representatives, cited a number of shortcomings as evidence that US companies need to do more to protect their customers’ data.

Former security expert John Murray Rowe Jr. He was arrested Wednesday on charges of espionage after the Ministry of Justice said he had “attempted to provide national security information to the Russian government.” Rowe, 63, should be sentenced to life in prison if convicted. He is said to have worked on several security engineers over 40 years and had several security licenses throughout the period from “Secret” to “Top Secret” and “Sensitive Compartmented Information”. Among other things, Rowe worked for aeronautics for the Air Force. A security breach that demonstrated loyalty in Russia led officials to recognize Rowe as a dangerous insider and terminate his contract as a contractor in 2018. Since then the FBI began investigating and in March 2020, Rowe allegedly met with an undercover FBI agent. he pretends to be Russia’s prime minister. Proponents of her case have been working to make the actual transcript of this statement available online.

French police have arrested an unidentified man in southeastern France for embezzling $ 21.4 million. Authorities have not named any group of ransomware or terrorist suspects. This comes in the wake of a global crackdown on ransomware attacks and a crackdown on criminals.


Some of the Best WIRED Stories



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *