A zero-day vulnerability in Apache logging library Log4j found the CISOs leading the charge to update and patch systems or put in place a manual mitigation. The exploit leaves some of the world's most popular applications and services vulnerable to attack.
An unethical hacker with knowledge and access could use this vulnerability and target servers using this logging capability with remote code execution on servers.
Fortalice advises all clients to take the Log4J vulnerability seriously. It's the highest severity score on the charts and a CISO cannot remediate alone. This explainer covers the issue and priority steps for organizations to take.
During the course of our investigative work, Fortalice has observed an increasing and alarming trend: personal email compromise is leading to business email compromise. Threat actors will leverage weaknesses regarding executives’ or board members’ personal cybersecurity hygiene to gain access to their business accounts. Extortion also remains a top cybersecurity threat, with organized criminals overseas routinely targeting corporations and the people who support them.
Silicon Valley Bank (SVB) was shuttered early this month and had its deposits seized in the largest U.S. bank failure since the 2008 financial crisis. Although it may seem like SVB’s collapse will only impact its direct customers and depositors, it is far more complicated. Like vultures to roadkill, cyber scammers often wait to exploit and target victims after tragedy strikes, or bad news arises. A perfect storm of stress, uncertainty, and urgency for customers and vendors alike during this time can impair someone’s judgement when they click links and open emails they otherwise would ignore or delete. Fortalice has outlined a few different ways cybercriminals social engineer their victims during times of extreme distress and insecurity.