Dateline the Internet: the Log4j vulnerability (Log4shell).
Log4shell: exploitation and remediation. (The CyberWire) Log4shell remains a tough problem, as vendors and users work to foreclose the possibility of exploitation of the vulnerability disclosed in Apache’s Log4j.
Hackers Backed by China Seen Exploiting Security Flaw in Internet Software (Wall Street Journal) Researchers call it one of the most dire cybersecurity threats to emerge in years and could enable devastating attacks, including ransomware.
The Log4j security flaw could impact the entire internet. Here’s what you should know (CNN) A critical flaw in widely used software has cybersecurity experts raising alarms and big companies racing to fix the issue.
Log4j flaw: This new threat is going to affect cybersecurity for a long time (ZDNet) The Log4j vulnerability has been described as one of the most serious security vulnerabilities in recent years. Can we really be sure anything is secure any more?
Log4j-Sicherheitslücke : Ungeschützt (Zeit Online) Es ist eine der größten IT-Krisen seit Langem: Die Sicherheitslücke Log4Shell macht Behörden und Firmen angreifbar. Die größeren Attacken kommen erst noch.
The security flaw that’s terrified the internet (PBS NewsHour) Security pros say it’s one of the worst computer vulnerabilities they’ve ever seen. They say state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it.
Widespread Log4j Remote Code Execution Vulnerability Could Affect Millions (Redmondmag) Log4j, a widely used open-source Java logging library, has a critical-remote code execution (RCE) vulnerability that is currently being leveraged in malicious attacks.
Log4Shell Initial Exploitation and Mitigation Recommendations (Mandiant) The recently disclosed Log4j vulnerability (CVE-2021-44228) is one of the most pervasive security vulnerabilities that organizations have had to deal with over the past decade.
Log4j mitigation advice for Microsoft security and IT admins (CSO Online) The Log4j vulnerability affects many applications running on Microsoft networks. Use this advice to determine whether your network has been exploited and to mitigate the issue.
FBI Statement on Log4j Vulnerability (Federal Bureau of Investigation) If you feel your systems have been compromised as a result of the Log4j vulnerability or are seeking remediation, we encourage you to employ all recommended mitigations, follow guidance from CISA, and visit fbi.gov/log4j to report the compromise.
Log4j vulnerability now used by state-backed hackers, access brokers (BleepingComputer) As expected, nation-state hackers of all kinds have jumped at the opportunity to exploit the recently disclosed critical vulnerability (CVE-2021-44228) in the Log4j Java-based logging library.
Microsoft warns China, Iran, North Korea and Turkey are exploiting recently revealed software vulnerability (CNN) Hackers linked with the governments of China, Iran, North Korea and Turkey have moved to exploit a critical flaw in software used by big tech firms around the world, Microsoft warned late Tuesday.
Iranians tried to hack seven Israeli sites using critical vulnerability, Israeli security firm says (Haaretz) The Iranian group tried to attack seven Israeli government and commercial targets using a vulnerability in the Apache Log4j logging platform, said Check Point
Nation-state hackers aim to exploit Log4j software flaw, Microsoft warns (CyberScoop) Hackers associated with the governments of China, Iran, North Korea and Turkey have been trying to find ways to leverage the Apache Log4j vulnerability, Microsoft’s Threat Intelligence Team said Tuesday.
Hackers Backed by China Seen Exploiting Security Flaw in Internet Software (Wall Street Journal) Researchers call it one of the most dire cybersecurity threats to emerge in years and could enable devastating attacks, including ransomware.
China, Iran among those exploiting Apache cyber vulnerability, researchers say (TheHill) State-sponsored hackers from countries including Iran and China are actively exploiting a major vulnerability in Apache logging package log4j to target vulnerable organizations around the world, security researchers
Microsoft confirms new ransomware family deployed via Log4j vulnerability (VentureBeat) Microsoft said that a new family of ransomware, Khonsari, has been used to attack Minecraft servers by exploiting the Log4j vulnerability.
Attackers Exploiting Apache Log4j: ‘Everyone Is a Target’ (BankInfoSecurity) What’s in store for defenders as attackers increasingly try to target the ubiquitous Apache Log4j vulnerability? “Everyone is a target,” says veteran
Log4Shell: The New Zero-Day Vulnerability in Log4j (Kratikal Blogs) ‘Log4Shell’ is a critical vulnerability found in ‘Log4j’, which is a popular library in Java code developed by Apache Software Foundation…
Problematic Log4j Functionality Disabled as More Security Issues Come to Light (SecurityWeek) Log4j developers have disabled access to the problematic JNDI feature by default as more vulnerabilities have come to light.
SAP Patches Log4Shell Vulnerability in 20 Applications (SecurityWeek) SAP is scrambling to patch the Log4Shell vulnerability in its applications and has rolled out fixes for tens of other severe flaws in its products.
WhiteSource Launches Free Tool to Detect and Remediate Log4j Vulnerabilities (PR Newswire) /PRNewswire/ — WhiteSource, a leader in open source security and management, today launched WhiteSource Log4j Detect, a free command-line interface (CLI) tool…
Positive Technologies Offers Solutions to Cope with Critical Vulnerability in Popular Log4j library (Positive Technologies) Positive Technologies Offers Solutions to Cope with Critical Vulnerability in Popular Log4j library
Industry Reactions to Log4Shell Vulnerability (SecurityWeek) Industry professionals comment on the Log4Shell vulnerability, its impact, and the steps that organizations should take to reduce risk and detect attacks.
Attacks, Threats, and Vulnerabilities
Powell: Cyber attack would be most the significant financial stability risk (YouTube) Federal Reserve Chairman Jerome Powell takes questions after the Fed’s decision to double the pace of the taper to $30 billion a month and leave interest rat…
Google Warns That NSO Hacking Is On Par With Elite Nation-State Spies (Wired) ForcedEntry is “one of the most technically sophisticated exploits” Project Zero security researchers have ever seen.
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution (Project Zero) Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit w…
Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware (Symantec) New ransomware used in mid-November attack, ConnectWise was likely infection vector.
Preventing Pool-Party Attacks (Brave Browser) Brave has identified a new category of tracking vulnerability, forms of which are present in all browsers. We call this category of attack “pool-party” attacks because the attack uses collections (or “pools”) of limited-but-shared resources to create side channels.
Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions (Check Point Software) Check Point Research (CPR) spots a botnet variant that has stolen nearly half a million dollars’ worth of cryptocurrency through a technique called
Squid Game Used as Lure for Malware Campaigns, Phishing Attacks (Security Intelligence) Digital attackers are using Netflix’s popular series “Squid Game” as a lure for their malware campaigns and phishing operations.
A reset on ransomware: Dominant variants differ from prior years (Intel471.com) The Ransomware-as-a-Service groups currently dominating the ecosystem are completely different than just a few months ago.
When is a Scrape a Breach? (Troy Hunt) A decade and a bit ago during my tenure at Pfizer, a colleague’s laptop containing information about customers, healthcare providers and other vendors was stolen from their car. The machine had full disk encryption and it’s not known whether the thief was ever actually able to access the data. It’s
How I found the Grafana zero-day Path Traversal exploit that gave me access to your logs (Detectify Labs) Detectify Crowdsource hacker was the first to find the zero-day Path Traversal in Grafana. He takes us through how he found the vulnerability
The Biggest Deepfake Abuse Site Is Growing in Disturbing Ways (Wired) A referral program and partner sites have spurred the spread of invasive, AI-generated “nude” images.
AWS misfires once more, just days after a massive failure (ZDNet) Amazon Web Services had trouble again this morning.
AWS goes down for the second time in two weeks, taking Netflix with it – again (Computing) The outage totally shut down internet connectivity in two regions of the USA
Summary of the AWS Service Event in the Northern Virginia (US-EAST-1) Region (Amazon Web Services, Inc.) We want to provide you with some additional information about the service disruption that occurred in the Northern Virginia (US-EAST-1) Region on December 7th, 2021.
Survey: Hackers approach staff to assist in ransomware attacks (CSO Online) Cyberattackers have approached employees in 48% of organizations in North America to assist in ransomware attacks, according to a report by Pulse and Hitachi ID.
Construction Industry Hit with Crypto-Based Extortion Attack (Avanan) A new attack uses crypto-based extortion on the construction industry.
Irish health service missed several chances to stop devastating ransomware attack (Computing) Service has ‘a very low level of cybersecurity maturity’ finds PwC
Honolulu’s Transit System Recovers From Cyber Attack (YouTube) Oahu Transit Services won’t pay the ransom sent by cyber criminals.
Will Cyber Attack on Payroll Company Keep Some Mass. Employees From Being Paid on Time? (NBC Boston) A cyber attack involving a substantial payroll company has had a ripple effect on big companies across the country, including several major employers in Massachusetts. From grocery store chains like Stop & Shop to Keolis, the company that runs the MBTA commuter rail service, employees are now having to use temporary solutions to monitor the hours they work because of…
Life As A Security Engineer – Panther Labs (Panther Labs) Because the purpose of this survey was to learn more about security engineers specifically, rather than a broader segment of the security industry, we limited our query to only those individuals actively working in that role.
Report: Consumers Admit to Submitting False Fraud Disputes to Get Their Money Back (GlobeNewswire News Room) Sift’s Q4 2021 Digital Trust & Safety Index Exposes Mounting Impact of Chargebacks and Friendly Fraud…
70% of Security Professionals Say Remote Work Means a New Approach to Cybersecurity is Needed (SentryBay) Our latest poll aimed to assess attitudes to cyber threats and methods of protecting vulnerable devices.
PerimeterX Survey Reveals E-gift Card Attacks, Automated Fraud and Scalping Bot Usage on the Rise (PerimeterX) Fraud, Bots and CAPTCHAs Put a Damper on Holiday Shopping
Less Than 50 Percent Of Organizations Regularly Assess Their Cloud Risk Status, According To New Cloud Security Alliance Survey (AiThority) The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, released Measuring Risk and Risk Governance
FTC: Americans lost $148 million to gift card scams this year (BleepingComputer) The US Federal Trade Commission (FTC) said Americans reported losing $148 million to gift card scams during the first nine months of 2021 following a major increase compared to last year.
Scams leave nasty bite & Australians $33m out of pocket in November (Security Brief) Investment scams increased a mild 8% on the previous month but the amount of money lost almost doubled.
Kroll Expands Cloud Security and Red Team Capabilities with Acquisition of Security Compass Advisory (Business Wire) Kroll today announced that it has acquired Security Compass Advisory headquartered in Canada.
Noname Security hits $1B valuation after $135M Series C raise (TechCrunch) The API security startup has raised $220 million since emerging from stealth a year ago.
Silicon Valley’s voice in Washington dissolves (POLITICO) The once-dominant Internet Association “has made the difficult decision to close the organization at the end of this year,” its board announced Wednesday.
Ransomware is surging—and so are cyberinsurance prices (Inside Higher Education) Ransomware attacks are skyrocketing at a time when many colleges are finding they can’t afford cyberinsurance — or can’t even get it.
Homeland Security launches ‘Hack DHS’ bug bounty program (The Record by Recorded Future) The Homeland Security Department has launched a bug bounty program that will allow hackers to report vulnerabilities in its systems in return for monetary prizes, the agency’s chief announced on Tuesday.
Facebook expands bug bounty program to cover scraping attacks (The Record by Recorded Future) The Meta (formerly Facebook) security team has added scraping attacks to the list of incidents covered by the company’s bug bounty program.
SentinelOne (NYSE:S) Trading Up 3.9% After Insider Buying Activity (MarketBeat.com) SentinelOne (NYSE:S) Stock Price Up 3.9% Following Insider Buying Activity
Zuora Joins BlackBerry IVY Advisory Council to Accelerate Subscription Economy for the Automotive Industry (BlackBerry) Leading cloud-based subscription management platform provider Zuora Inc. has joined the BlackBerry IVY™ Advisory Council to enable BlackBerry IVY™ Ecosystem partners and automotive OEMs to monetize in-car subscription services at scale, using the BlackBerry IVY intelligent vehicle data platform.
What will NSO do without its flagship product? (Globes) The Israeli company is considering shelving Pegasus, the cyberattack product that brought it a bad name. Can it reinvent itself, as similar companies have in the past?
Honeywell Romania Security Operations Center (Honeywell) Honeywell OT Cybersecurity opens first security operations enter in Europe, based In Bucharest.
CyberFirst welcomes Proofpoint as new partner – Education Technology (Education Technology) The cybersecurity and compliance company will offer industry placements to students taking part in the talent-backing CyberFirst initiative
Reblaze Appoints Ziv Oren as CEO to Drive Next Stage of Growth (Reblaze) Oren brings over 20 years of high-tech leadership experience to further establish the company as an innovator in web security
Protegrity Promotes Terri McBride to EVP, Global People and HR, and Kaitlin Hartshorn to VP, Legal Affairs (Business Wire) Protegrity, a global leader in data security, today announced the expansion of its executive leadership team with the promotions of Terri McBride (EVP
Karen Buffo joins Anomali as CMO (Help Net Security) Anomal announced that cybersecurity industry veteran Karen Buffo has been appointed to the position of Chief Marketing Officer (CMO).
Kevin Kelly Appointed Arcfield Chairman, CEO (GovCon Wire) Looking for the latest GovCon News? Check out our story: Kevin Kelly Appointed Arcfield Chairman, CEO. Click to read more!
Products, Services, and Solutions
AV-Comparatives reveals long-term test results for 19 major endpoint security solutions (Fuentitech) AV-Comparatives, an independent ISO-certified security test lab, released its December 2021 Business Security Test Report, awarding 19 antivirus solutions with “approved business product” certification. Business security testing is the most comprehensive survey of enterprise endpoint security solutions on the market. To name it as an approved business product, antivirus solutions score 90% on a zero …
Cowbell Cyber Introduces Microsoft Secure Score Connector to Improve Policyholders’ Cyber Risk Profile (Cowbell) Cowbell Connector for Microsoft Empowers Microsoft Customers to Close Insurability Gap
PerimeterX Prevents Over $1.5B in Losses from Account and Purchase Fraud Over Cyber 5 (PerimeterX) We saw some interesting trends during the Cyber 5 shopping period that give a preview into the future threat landscape.
Endace and LinkShadow Partner to Deliver Fast, Definitive Incident Response to Cybersecurity Threats (Business Wire) LinkShadow has joined Endace’s Fusion Partner program, enhancing SOC team productivity, streamlined investigation, and reduced threat exposure.
KnowBe4 Launches New “Security Masterminds” Podcast (GlobeNewswire News Room) First episode features Dr. Lydia Kostopoulos who explores the fourth industrial revolution…
SAIC Launches Rugged Apps™ to Provide Secure Commercial Apps to Government Users (SAIC) Rugged Apps™ provides highly secure versions of commercial apps and software scanning services for government users
Technologies, Techniques, and Standards
AWS outage, Log4j vulnerability provides harsh lessons in unknown dependencies (Diginomica) The recent AWS outage(s) and Log4j security holes should lead to enterprises drawing some broader lessons about dealing with complexity and dependencies in modern IT environments.
The true role of a CISO – combining technical understanding with the art of persuasion (ITProPortal) What makes a good CISO?
Ransomware is Everywhere, But are Organizations’ Defenses too Little, too Late? (Infosecurity Magazine) With ransomware becoming more prevalent, cyber defenses need to evolve beyond tools and focus on end-user behaviors
JetBlue CISO Tim Rohrbaugh on putting threat intelligence at the center (CSO Online) Understanding threat actors and the tactics they use informs how Rohrbaugh develops his cybersecurity strategy, allocates resources, and leads his team.
Is It Time to Roll Back Employee Surveillance Practices? (Total Security Advisor) The shift to remote and hybrid work has put employees out of sight but, thanks to technology, not necessarily out of mind. Since the pandemic began, the use of employee monitoring software has leapfrogged by over 50% and, with hybrid work still the norm, shows little signs of receding. It’s not just the ubiquity of […]
Wisconsin National Guard cyber team returns home from first federal deployment (WEAU) We revisit the mission with 1st Lt. Dave Schroeder and how their skills can benefit the communities of Wisconsin.
Design and Innovation
Apple Removes All References to Controversial CSAM Scanning Feature From Its Child Safety Webpage [Updated] (MacRumors) Apple has quietly nixed all mentions of CSAM from its Child Safety webpage, suggesting its controversial plan to detect child sexual abuse images on…
The metaverse has a groping problem already (MIT Technology Review) A woman was sexually harassed on Meta’s VR social media platform. She’s not the first—and won’t be the last.
Legislation, Policy, and Regulation
Reclassifying the law of self defence in the era of cyber war (Defence Connect) In the era of cyber operations, from influence campaigns to the destruction of critical civilian infrastructure, are the international laws governing self-defence and armed conflict sufficient? Wit
It’s unclear whether Russia is cracking down on cyber attacks (Washington Post) There are fewer big attacks from Russian hackers, but the problem’s far from fixed
EU, Germany, UK send new warnings to Russia over Ukraine (Al Jazeera) Western powers say if Moscow decides to invade neighbouring Ukraine, a round of tough sanctions awaits.
U.S. diplomat offers support to Ukraine amid Russian military build-up (Reuters) Karen Donfried, the United States assistant secretary of state, met top Ukrainian officials on Tuesday to offer support in the face of a build-up of Russian troops near the border.
Government’s new national security priorities reveals growing concerns about ‘strategic competition’ (Stuff) The Government is growing increasingly concerned about the rising threat of "strategic competition" between powerful countries, newly published documents reveal.
UK launches new National Cyber Security Strategy with focus on home-grown tech (Computing) The Strategy revolves around expanding the UK’s cyber industry and making it self-sustaining
U.K. seeks to build “cyber power” via new national cybersecurity strategy (The Record by Recorded Future) The United Kingdom on Wednesday announced a major update to its national cybersecurity strategy.
The UK’s political attack against China and Russia will only deteriorate global cyberspace (Global Times) The UK said it views China and Russia as strategic rivals in the developments of some major technologies such as artificial intelligence, quantum computing and microprocessor design, and it would push back at what it casts as attempts by Russia and China to establish national sovereignty over the communications arteries and emerging technologies, according to Reuters.
Report Indicates Greater Huawei Involvement in Surveillance (VOA) Washington Post reporting suggests Chinese telecom giant, currently under US sanctions, has marketed itself to government agencies, businesses seeking surveillance technologies, contrary to its public statements
U.S. Set to Ban American Investment in Some Chinese Companies Over Surveillance (Wall Street Journal) A draft Treasury Department announcement says the companies, including a major drone maker, participate in China’s mass surveillance of Muslim ethnic groups.
Biden administration concerned about U.S. investments in Chinese tech companies with military or surveillance ties (Washington Post) Last year, a fast-rising artificial intelligence company in China won a little-noticed contract from a Chinese military academy to provide battlefield command software — technology that defense experts say could become part of the military’s operational network.
Biden admin says Huawei is ‘national security threat’ (Fox Business) After an investigation into Chinese tech giant Huawei linked the massive company to mass surveillance campaigns by the Chinese Communist Party, the National Security Council says the White House is as cautious as ever toward the enigmatic conglomerate.
Exclusive: U.S. lawmakers call for sanctions against Israel’s NSO, spyware firms (Reuters) A group of U.S. lawmakers is asking the Treasury Department and State Department to sanction Israeli spyware firm NSO Group and three other foreign surveillance companies they say helped authoritarian governments commit human rights abuses.
Lawmakers urge Biden administration to sanction NSO Group and other cyber surveillance firms (CNN) More than a dozen Democratic lawmakers have called on the Biden administration to sanction four cyber surveillance firms for “enabling human rights abuses” by “selling powerful surveillance technology to authoritarian governments.”
Pegasus: US officials call on NSO and Dark Matter to face sanctions (Middle East Eye) More than a dozen Democratic officials called on the US State and Treasury Department to sanction executives DarkMatter and NSO
US Senate passes $768 billion defense bill without cyber incident reporting provisions (ZDNet) The bill includes a National Cyber Exercise program that will test the country’s cyber preparedness and a “CyberSentry” provision to monitor critical infrastructure.
Unanswered questions loom over Biden administration push to strengthen ‘Havana Syndrome’ response (Washington Post) The Biden administration is scrambling to develop plans for providing compensation and improved medical care to diplomats, intelligence officers and other personnel affected by mysterious health incidents, part of an attempt to strengthen the response to a phenomenon known as “Havana Syndrome.”
Litigation, Investigation, and Law Enforcement
French police detain suspect who laundered €19 million in ransomware payments (The Record by Recorded Future) French authorities have arrested a suspect this week for allegedly laundering more than €19 million (~$21.4 million) in ransomware payments.
NSA improperly assessed proposals for WildandStormy cloud procurement, says GAO (FedScoop) The National Security Agency improperly assessed technical proposals from Microsoft submitted as part of the WildandStormy cloud procurement, according to the Government Accountability Office. The government watchdog in a bid protest decision agreed with Microsoft’s argument that technical proposals were evaluated unreasonably by the NSA and in a way that was inconsistent with the terms […]
US, Australia Agree to Share Phone, Text Records in Criminal Probes (SecurityWeek) The United States and Australia signed an agreement to ease access by their justice departments to digital phone and email records needed in criminal investigations.
United States and Australia Enter CLOUD Act Agreement to Facilitate Investigations of Serious Crime (US Department of Justice) The United States and Australia today signed a landmark agreement that will facilitate access to electronic data for investigations of serious crime, including terrorism and child sexual abuse.
Norway’s Privacy Watchdog Cuts Grindr Fine To $7M (Law360) The Norwegian Data Protection Authority on Wednesday hit dating app Grindr with a reduced fine of $7.17 million for allegedly illegally sharing user data with advertisers, finding that the company had improved how it seeks consent from consumers.
The Army is in hot water over TikTok recruiting activity (The Verge) Some recruiters have thousands of followers on the app.
Cisco, Centripetal Get Backing in $1.9B Patent Verdict Appeal (Bloomberg Law) Jury found infringement of four cybersecurity patents. Trial judge enhanced damages based on willfulness.
Grindr given €6.5 million GDPR fine for selling special category user data without consent (IT PRO) The Norwegian DPA claims users’ sexual orientations were exposed following the sale of data to third parties
Participant Sues Recordkeeper for Data Breach (National Association of Plan Advisors) With cybersecurity of increasing concern to plan fiduciaries, participants—and regulators—a participant has sued his plan’s recordkeeper for breach of an implied contract to keep his data secure—as well as a breach of fiduciary obligation.
FBI Recovers Oregonians’ Stolen Data (Infosecurity Magazine) Health information of 750,000 patients recovered from account belonging to HelloKitty