{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


linkedin facebook twitter instagram
A flaw in popular logging software has everyone on high alert. The telehealth app Doxy.me exposed some patient data. And Europol makes a ransomware arrest in Romania. This is CyberScoop for Monday, December 13.

Log4j vulnerability raises alarm bells

CISA and security researchers are warning that a critical vulnerability in open-source logging software Log4j requires immediate patching and mitigation. The popular tool is widely used in apps and tools including Apple iCloud and Twitter. CISA will host a call with critical infrastructure stakeholders Monday afternoon about the threat. So far hackers seem to be scanning for any vulnerable openings but researchers say they’re detecting the beginnings of more targeted attacks. Tonya Riley has more.

A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.

Doxy.me fixes privacy flaw

Telehealth platform Doxy.me fixed an issue that allowed Facebook, Google and Hubspot to access the names of some patients’ providers, the company told CyberScoop after it notified the software provider of the problem. The unintentional sharing highlights the major risks of getting involved with large online advertisers like Google and Facebook. “I think that there are far too few companies that appreciate that the data supply chain is adversarial,” said Zach Edwards, a privacy researcher who found the leak. Tonya has the scoop.

Ransomware suspect in Romania kept pilfered data close

A 41-year-old Romanian man was arrested Monday for allegedly breaching a Romanian IT services company and then attacking the company's clients with ransomware, Europol announced. The target companies — in Romania and abroad — had their data stolen and encrypted, with the suspect threatening to leak the data in cybercrime forums if he wasn't paid large ransoms in cryptocurrency. An expert tells CyberScoop that the case is interesting in that the suspect didn't follow the traditional path of posting samples of the stolen data to a leak site. AJ Vicens reports.

Proposal for cyber incident reporting mandate is on hold

There's another roadblock for a congressional proposal that would require some companies to report when they are hit by major cyberattacks or make a ransomware payment. The bipartisan provision was left out of the annual must-pass defense policy bill, home to some of the more consequential cybersecurity legislation in past years. The snag was partly due to timing, and partly a dispute between backers and Republican dissidents. Not all hope is indefinitely lost, as some important disputes have been resolved, setting up a chance for a separate vote. Tim Starks explains.

Emotet is piggybacking on TrickBot, researchers say

The resurgence of the botnet Emotet is getting a boost from fellow crime group TrickBot, researchers say. Law enforcement took down Emotet earlier this year, but since November, analysts at Check Point have identified dozens of new targets, including 113 in the first week of December alone. There are signs that the botnet could be back to at least half of its strength before the takedown. Tonya explains.

Tweet Of The Day


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}