Equifax’s breach was the perfect opportunity to prepare for future vulnerabilities like Log4Shell. Not enough organizations seized the opportunity to learn from it.
CISA warns that a successful exploit could enable an attacker to gain access to sensitive data, modify system settings or parameters, or perform arbitrary actions.
The greatest exploit in the world, throw some more logs on the log4j fire, lock picking with a zip tie, hacking metal detectors, please disclose your vulnerabilities here, bugs in Wifi and Bluetooth have an interesting relationship, not-so-secret backdoors, taking over domain controllers, and interesting precopulatory behavior in darkling beetles!
Financial services institutions are beholden to a wide array of regulatory rules.But in recent months, with an unprecedented number of customers embracing digital access in the face of closed limited-access branches, there are new threats and risks to consider.
It is no panacea, but everyone SC Media spoke with for this story agrees that software bills of material would have dramatically increased the efficiency of patching for the Log4j vulnerability for those prepared to take advantage.
Speaking at the second day of the SC Finance eConference, Betty Elliott, chief information security officer for Freddie Mac, and Sean Cronin, CEO of ProcessUnity, offered their view on how FSIs can best protect themselves, their data and their customers through the careful oversight of third-party suppliers.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
