December 2021 - Cyber Security Minute

Fraud detection and prevention market to hit $100 billion by 2027

Issued by: Help Net Security

The fraud detection and prevention (FDP) market is expected to surpass $100 billion by 2027, as reported in a research study by Global Market Insights. The growing adoption of mobile phones and digital banking applications is proliferating the market growth. The growing instances of cyberthreats and money laundering across sectors are driving the need for…

Network Security

The Right to Work and Non-Competes in the Security Industry

Issued by: Security Week

I’d like to discuss the right to work. Security professionals have that right, and unfortunately, from time to time, certain individuals, organizations, or companies try to take that right away. In this piece specifically, I’d like to focus on the issue of non-competes. I understand that companies have employees sign non-competes. This is a common…

Vulnerabilities

Chinese Spies Exploit Log4Shell to Hack Major Academic Institution

Issued by: Security Week

Tracked as CVE 2021-44228 and also referred to as Log4Shell and LogJam, the security hole affects the Apache Log4j Java logging framework and has been exploited in targeted attacks since early December. As part of a recent campaign, the OverWatch security researchers observed Aquatic Panda leveraging a modified version of the Log4j exploit for initial…

Application Security, Malware & Threats

State Workers to Be Paid on Time Despite Ransomware Attack

Issued by: Security Week

The State Auditor’s Office reassured 60,000 state employees on Monday that their pay would be deposited on Friday, WSAZ-TV reported. State officials learned two weeks ago that the attack took West Virginia’s payroll time and leave accounting system off line. Since then, the auditor’s staff has worked with payroll administrators in affected state agencies to…

Network Security

Enterprise data loss prevention market to reach $6.265 billion by 2026

Issued by: Help Net Security

The global enterprise data loss prevention market is projected to grow at a CAGR of 21.03% to reach $6.265 billion by 2026, from $1.647 billion in 2019, according to ResearchAndMarkets. The enterprise data loss prevention market is highly driven by the escalating demand for an optimized solution with a spike in cybersecurity threats to enterprises….

Vulnerabilities

Albanian Prime Minister Apologizes Over Database Leak

Issued by: Security Week

A file containing the personal identity card numbers, employment and salary data of some 637,000 people became public this week and was widely shared through messaging apps. Prime Minister Edi Rama said the leak is being investigated. “According to a preliminary analysis, it looks more like an internal infiltration rather than an outside … cyber-attack,”…

Vulnerabilities

New Flaws Expose EVlink Electric Vehicle Charging Stations to Remote Hacking

Issued by: Security Week

Schneider announced the availability of patches on December 14, when it urged customers to immediately apply patches or mitigations. The flaws have been found to impact EVlink City (EVC1S22P4 and EVC1S7P4), Parking (EVW2, EVF2 and EVP2PE) and Smart Wallbox (EVB1A) devices, as well as some products that have reached end of life. The vendor has…

Vulnerabilities

400,000 Individuals Affected by Email Breach at West Virginia Healthcare Company

Issued by: Security Week

Mon Health says it became aware of the intrusion on July 28, when a vendor notified it of a payment that had not come through. An investigation launched into the matter revealed that adversaries likely had unauthorized access to the email system between May 10 and August 15, 2021. As part of the incident, cybercriminals…

Vulnerabilities

Log4Shell is a dumpster fire that should have been avoided

Issued by: Help Net Security

On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every cybersecurity professional in the world. That all changed when the Apache Log4j project announced CVE-2021-44228 (aka Log4Shell) – a zero-day vulnerability in Log4j’s standardized method of handling log files…