Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

View and Annotate CAD Files in Field Quickly and Inexpensively

Everyday thousands, if not millions, of dollars are wasted on delays and reworks caused by project teams not having access to the latest files. And while there are myriad reasons for this waste, one of the biggest culprits is field teams' inability to easily access CAD files on-site. Computer-aided design, or CAD, has become the backbone of most construction projects because its precision improves design quality and facilitates better communication through documentation.

The Log4j2 Vulnerability: What to know, tools to learn more, and how Elastic can help

Welcome to Elastic’s Log4j2 vulnerability information hub. Here we will explain what the specific Log4j2 vulnerability is, why it matters, and what tools and resources Elastic is providing to help negate the opportunity for malware exploits, cyberattacks, and other cybersecurity risks stemming from Log4j2.

11 big predictions for cybersecurity in 2022

After the Covid-19 pandemic accelerated digital transformation and shifted businesses to online first, cyber-attackers exploited a broader, more sophisticated attack vectors. The rollout of 5G, reliance on supply chains, and increased use of application programming interfaces (APIs) means businesses have more cyber-related vulnerabilities.

Other Ways Remote Work Has Changed Businesses

As the pandemic continues and employees are finding themselves “stuck at home” for the foreseeable future, companies are coming up with new ways to approach overall wellbeing for their employees. Things like breakroom snacks, on-site gyms, and commuting passes are less appealing and don’t make a lot of sense. So, companies are getting creative in the ways they support their employees during remote work. Here are some of our favorite examples.

Deep Dive Into PYSA Ransomware - The Monitor, Issue 18

PYSA is the most recent ransomware variant known distributed by the Mespinoza Ransomware as a Service (RaaS) gang, which has been infecting victims since 2019. Kroll has consistently observed PYSA in our incident response engagements since 2020 and has noted an increase in frequency of this variant since the second quarter of 2021. Our analysis shows PYSA is opportunistic and not restricted to one sector or geographical area.

Cloud Function Dashboard with LimaCharlie

LimaCharlie provides everything you need to run modern cybersecurity operations, and it is also a great tool for builders. Our powerful web application is built using the publicly accessible API. There are no magic functions and we put the full power of the platform into the hands of those capable of wielding it. To demonstrate the kind of thing a user can easily build with LimaCharlie we have put together an interactive, embeddable dashboard.

Four cybersecurity predictions for 2022

2021 has been another challenging year for businesses, not least because of the ongoing wave of cyberattacks. Everyone is hoping for some good news in 2022, but realistically, cybercrime slowing down won’t be on the agenda. Cybersecurity and avoiding the threat of data breaches is going to be front of mind for many going into next year. We’ve spoken to two members of our leadership team who’ve shared their thoughts on four trends we’re likely to encounter in 2022.

Log4j Vulnerability CVE-2021-45105: What You Need to Know

A third Log4j2 vulnerability was disclosed the night between Dec 17 and 18 by the Apache security team, and was given the ID of CVE-2021-45105. According to the security advisory, 2.16.0, which fixed the two previous vulnerabilities, is susceptible to a DoS attack caused by a Stack-Overflow in Context Lookups in the configuration file’s layout patterns. What is this CVE about? What can you do to fix it? How does it differ from the previous CVEs?