Threatpost Will 2022 Be the Year of the Software Bill of Materials? Praise be & pass the recipe for the software soup: There's too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable. The Log4j Vulnerability Puts Pressure on the Security World It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking. Cybercriminals Actively Target VMware vSphere with Cryptominers VMware's container-based application development environment has become attractive to cyberattackers. ‘White Rabbit’ Ransomware May Be FIN8’s Latest Tool It's a double-extortion play that uses the command-line password 'KissMe' to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art. Critical ManageEngine Desktop Server Bug Opens Orgs to Malware Zoho's comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. Organizations Face a ‘Losing Battle’ Against Vulnerabilities Companies must take more 'innovative and proactive' approaches to security in 2022 to combat threats that emerged last year, researchers said. Top Illicit Carding Marketplace UniCC Abruptly Shuts Down UniCC controlled 30 percent of the stolen payment-card data market; leaving analysts eyeing what's next. Real Big Phish: Mobile Phishing & Managing User Fallibility Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike. Critical Cisco Contact Center Bug Threatens Customer-Service Havoc Attackers could access and modify agent resources, telephone queues and other customer-service systems - and access personal information on companies' customers. ‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. "Be afraid" was scrawled on the Foreign Ministry site. Distributed by aarss.com.