Recent Security News
-
Two years on, 1 in 4 apps still vulnerable to Log4Shell
December 11, 2023 at 10:06AM Two years after the Log4Shell vulnerability disclosure, around 1 in 4 applications still rely on outdated Log4j libraries, making them susceptible to exploitation. While some developers promptly updated the libraries, a significant proportion remain vulnerable. Urgent action was effective, but there’s still a need for more rigorous open source security…
-
Responsibly Implementing AI, the Unstoppable Force
December 11, 2023 at 10:02AM C-suite leaders are keen on leveraging generative AI for competitive advantage and automation, despite security concerns. While generative AI has positive applications in conversational interfaces and solving complex problems, it also poses security risks, as attackers use it to enhance their capabilities. Organizations must responsibly implement and manage AI to…
-
Researchers Unmask Sandman APT’s Hidden Link to China-Based KEYPLUG Backdoor
December 11, 2023 at 09:12AM The enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster are found to share tactical and targeting overlaps, utilizing a backdoor known as KEYPLUG. The assessment from SentinelOne, PwC, and Microsoft reveals shared infrastructure control, management practices, and design, suggesting joint functionalities. Alongside, the use of Lua-based…
-
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans
December 11, 2023 at 09:12AM The Lazarus Group, a North Korea-linked threat actor, has launched a global campaign exploiting Log4j security flaws to deploy remote access trojans. Cisco Talos named the operation “Operation Blacksmith,” noting the use of DLang-based malware families. The group’s tactics overlap with Andariel, targeting various sectors and using NineRAT through a…