Tag Archive for: Stake

What is latest internet threat Log4j? How bad it is and what’s at stake, Telecom News, ET Telecom

/in


Log4Shell, an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. The software is used to record all manner of activities that go on under the hood in a wide range of computer systems.

Jen Easterly, director of the U.S. Cybersecurity & Infrastructure Security Agency, called Log4Shell the most serious vulnerability she’s seen in her career. There have already been hundreds of thousands, perhaps millions, of attempts to exploit the vulnerability.

So what is this humble piece of internet infrastructure, how can hackers exploit it and what kind of mayhem could ensue?

What does Log4j do?
Log4j records events – errors and routine system operations – and communicates diagnostic messages about them to system administrators and users. It’s open-source software provided by the Apache Software Foundation.

A common example of Log4j at work is when you type in or click on a bad web link and get a 404 error message. The web server running the domain of the web link you tried to get to tells you that there’s no such webpage. It also records that event in a log for the server’s system administrators using Log4j.

Similar diagnostic messages are used throughout software applications. For example, in the online game Minecraft, Log4j is used by the server to log activity like total memory used and user commands typed into the console.

How does Log4Shell work?
Log4Shell works by abusing a feature in Log4j that allows users to specify custom code for formatting a log message. This feature allows Log4j to, for example, log not only the username associated with each attempt to log in to the server but also the person’s real name, if a separate server holds a directory linking user names and real names. To do so, the Log4j server has to communicate with the server holding the real names.

Unfortunately, this kind of code can be used for more than just formatting log messages. Log4j allows third-party servers to submit software code that can perform all kinds of actions on the targeted computer. This opens the door for nefarious activities such as stealing sensitive information, taking control of the targeted system and slipping malicious…

Source…

BT tries to crack cyber crime, grabs stake in Safe Security • The Register

/in


BT is looking to cash in on ever-growing global concerns over digital crime, and has confirmed making a multi million pound investment in US-based cyber risk management firm Safe Security.

The UK telco wouldn’t say how much it has pumped into the US business, which raised almost $50m from investors since its formation in 2012. As part of the deal, BT plans to combine Safe Security’s “SAFE platform” with its own managed security services to provide added protection for its customers in the UK against cyber threats.

What seems to appeal to BT is that Safe Security’s platform allows organisations to run a series of checks of their defences to help them better understand the likelihood of suffering a major cyber attack. Not only does it help to identify gaps in an organisation’s digital defences, it also helps to calculate the cost of any breach.

Martin Courtney, an analyst at research biz Tech Market View, reckons the deal will “augment the telco’s managed security service (MSS) proposition with a cyber risk assessment tool that can help businesses and consumers measure the effectiveness of their existing defences.

“BT also sees the technology as a potential route to market for cyber insurance and other services that could benefit from an accurate appraisal of organisational and individual cyber risk scores in the future,” he added.

The strategic investment is part of BT’s plans to beef up its cybersecurity offering against a backdrop of a growing ransomware threat that over the past weeks has hit Northern Trains ticketing kit in the UK, real estate, finance, and insurance IT firm CloudStar, and SonicWall.

Earlier this month, US President Joe Biden had a phone call with Russia’s President Putin about the worldwide ransomware epidemic, and afterwards told the press the US was prepared to attack the servers used by ransomware criminals who were targeting American businesses and citizens.

Ransomware gang REvil has had some big hits recently – such as exploiting installations of Kaseya’s IT management software to infect…

Source…

Tencent Doubles Stake in Universal Music, Home to Billie Eilish and the Beatles

/in


Tencent Holdings Ltd. is doubling its stake in the music giant behind Ariana Grande and Billie Eilish.

The Chinese internet company said Friday it was leading a consortium that had agreed to buy an additional 10% stake in Universal Music Group from Vivendi SE, in a deal that values the world’s largest music business at 30 billion euros, equivalent to $36.8 billion.

The deal bolsters Tencent’s growing presence in the record industry and its exposure to some of the biggest names in music. Universal’s stable also includes classic acts such as Queen and the Beatles, and it recently boughtBob Dylan’s entire publishing catalog.

The purchase comes nearly a year after the Tencent-led consortium, which includes its streaming business Tencent Music Entertainment Group and other undisclosed investors, first bought a 10% stake in Universal. That deal included an option to buy an additional stake of up to 10% at the same valuation.

Tencent and Vivendi also signed a separate agreement in March enabling Tencent Music to acquire a minority stake in the Universal subsidiary that owns the record label’s Greater China operations.

Source…

Millions of health records may be at stake in ransomware attack

/in

  1. Millions of health records may be at stake in ransomware attack  Digital Trends

  2. LabCorp Confirms System Hit By ‘New Variant’ of Ransomware  WFMYNews2.com
  3. LabCorp still recovering from weekend ransomware attack  Health Data Management

    4. Full coverage

Ransomware – read more