Cyber Connections News Roundup: December 14

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 14

New Log4j Vulnerability Could Turn into a Field Day for Hackers

According to a recent article on www.zdnet.com,U.S. government cybersecurity officials believe that a vulnerability in Log4j, a widely used Java logging library, has become a security risk that could affect digital devices across the internet. Security responders are scrambling to patch the bug, which can be easily exploited to take control of vulnerable systems remotely. At the same time, hackers are actively scanning the internet for affected systems. Some have already developed tools that automatically attempt to exploit the bug, as well as worms that can spread independently from one vulnerable system to another under the right conditions. Read more.

Is the U.S. Government Facing a Cybersecurity Brain Drain?

According to a recent article on https://fox28media.com, experts are warning that the U.S. government is failing to keep up with the talent demands of the private sector, which can typically pay higher than many federal agencies. A recruiting website for cybersecurity jobs, funded by the U.S. Department of Commerce, said there are currently 597,767 open cybersecurity jobs nationwide, which includes positions in the public and private sector. In the public sector, the website estimates there are 38,655 open jobs. Read more.

Mitigating Cybersecurity Risks in International Trade Involve Planning and Playing Politics

Companies that sell digital products internationally face a host of cybersecurity concerns that can have a negative impact on their business, according to a recent article on https://hbr.org. Navigating the rules of cybersecurity and managing the cyber risks differ from country to country. Countries can, however, prepare for risks and rules with a strategy that includes building a strong cybersecurity governance culture, preparing for the politics that may arise, and developing a plan for exiting and re-entering markets. Read more.

Cyber Attacks Keep Two Schools Closed After Thanksgiving

Cyberattacks continue to pervade higher education as evidenced by recent issues experienced by Butler County Community College in Pennsylvania and Lewis and Clark Community College in Illinois, according to a recent report on https://edscoop.com. The two schools temporarily closed their campuses following Thanksgiving week to recover from cyberattacks. Butler County Community College said that it was hit with a ransomware attack on Nov. 19, the same day the school’s IT team notified campus on maintenance on several servers, according to updates on the school’s website. It cancelled classes for the Monday and Tuesday following the Thanksgiving weekend. Lewis and Clark, located in southern Illinois, did not specified the type of cyberattack it experienced, but announced on Nov. 28 that it would cancel classes and keep its campuses closed for the week for the necessary recovery time for its IT systems. Read more.

SolarWinds Hackers, One Year Later

The hackers associated with the SolarWinds supply chain compromise last year have been busy since then, according to a recent report on www.cyberscoop.com. Findings published Monday by a team of analysts at Mandiant (formerly FireEye) paint a picture of potentially distinct groups working alongside or within a more established Russian intelligence hacking group known as Nobelium, a name given to the group by Microsoft. The group is also known as Cozy Bear. Read more.