I am on leave/writing retreat at the moment and one of the things I like to do when away is read. Bruce Schneier’s blog put me on to this very interesting work. Bounty Everything by Ryan Ellis & Yuan Stevens – (datasociety.net) “Hackers and the Making of the Global Bug …
When you have found a “good” thing, why stop?
The log4j vulnerability and its associated attack vectors were always going to be a major cybersecurity crisis – and of course once the bad actors knew about it they would expand their exploitation. This article on the SANS internet shows how initial attempts to mitigate the log4j issue are now being …
The US FTC and Log4j – get it fixed or else
The US Federal Trade Commission is taking a strong position when it comes to companies fixing any Log4j vulnerabilities. FTC threatens legal action over unpatched Log4j systems • The Register; FTC warns legal action against companies who fail to mitigate Log4Shell – The Record by Recorded Future
Log4j and open source software security – Google Cloud report
If you are involved in software development or use open source software, this article from the Google Cloud team makes for interesting reading and can add some clarity to using this type of resource. Cloud CISO Perspectives: December 2021 | Google Cloud Blog
Log4j updates
Latest update about Log4j from SANS Internet Diary. Log4j 2 Security Vulnerabilities Update Guide – SANS Internet Storm Centre