Log4j: new exploitation, new mitigations, new risk assessments. Service interruptions, Space Force’s capture-the-flag, and official interventions.
Updates on Log4j vulnerabilities: new exploitation, new mitigations, new risk assessments, some good advice from the NCSC, and from Betsy Carmelite and Mike Saxton, analysts at Booz Allen Hamilton. Kronos interruptions continue into the holiday season. NCA shares compromised passwords with Have I Been Pwned. A power grid security exercise in Ukraine, AWS outage last week put down to congestion. Hack-A-Sat promises more transparency. Tis the season for charity scams, as Carole Theriault reports. And the SEC wants financial services companies to use proper channels, not, say, WhatsApp and personal email.