Dateline the Internet: the Log4j vulnerabilities and related risks.
Log4j vulnerabilities and the long slog through remediation and risk management. (The CyberWire) Log4j vulnerabilities are going to be with us for some time. They're undergoing active exploitation, and fixing them will require vigilance and attention to detail over the long haul.
Log4j flaw attacks are causing lots of problems, Microsoft warns (ZDNet) Organizations might not realize their environments are already compromised.
Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation (Microsoft Security Blog) Microsoft is tracking threats taking advantage of the CVE-2021-44228 remote code execution (RCE) vulnerability in Apache Log4j 2. Get technical info and guidance for using Microsoft security solutions to protect against attacks.
Cyber world is starting 2022 in crisis mode with the log4j bug (Washington Post) The newest culprit is the log4j software bug, which Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly called “the most serious vulnerability I have seen in my decades-long career.” It forced many cybersecurity pros to work through the holidays to protect computer systems at Big Tech firms, large and small companies and government agencies.
Apache Log4j Vulnerability (Fidelis Cybersecurity) Learn more about the Apache Log4j vulnerability and what Fidelis Cybersecurity is doing to help its customers protect their hybrid environments.
Trustwave's Action Response: Multiple Log4j Zero-Day Vulnerabilities (Trustwave) Trustwave security and engineering teams became aware of the Log4j zero-day CVE-2021-44228 overnight on December 9. We immediately investigated the vulnerability and potential exploits.
Log4j Highlights Need for Better Handle on Software Dependencies (Dark Reading) Security pros say the Log4j vulnerability is another warning call for enterprises to get more disciplined when keeping track of software bills of materials.
Log4j Remediation Rules Now Available for WhiteSource Renovate and Enterprise (WhiteSource) The Software Composition Analysis leader now offers a remediation preset for WhiteSource Renovate and Enterprise, enabling users to identify and fix the
Attacks, Threats, and Vulnerabilities
Jerusalem Post and Maariv hacked on Gen. Soleimani's death anniversary (HackRead) On the morning of Monday, 3 January 2022, hackers managed to deface the official website of the Jerusalem Post and compromise Maariv's Twitter account.
North Korean Group “KONNI” Targets the Russian Diplomatic Sector with new Versions of Malware Implants (Cluster25) Cluster25 analyzed a recent attack linked to the North Korean APT group “Konni” targeting the Russian diplomatic sector, using a spear-phishing theme for New Year’s Eve festivities as the lure.
North Korean hackers target Russian diplomats using New Year greetings (The Record by Recorded Future) A North Korean cyber-espionage group has targeted Russian embassy diplomats over the winter holidays with emails carrying New Year greetings in the hopes of infecting them with malware.
Purple Fox malware distributed via malicious Telegram installers (BleepingComputer) A laced Telegram for desktop installer was spotted distributing the Purple Fox malware while disabling the UAC on the infected systems.
Quantum Computing Is for Tomorrow, But Quantum-Related Risk Is Here Today (SecurityWeek) Booz Allen Hamilton has analyzed the quantum computing arms race to determine China’s current and future capabilities, and to understand the likely use of China’s cyber capabilities within that race.
A vulnerability worse than Log4j (and it can blow up facilities and shut down the grid) (Control Global) More than 3,000 smart instruments in a petrochemical facility were found to have no passwords, even by default. You simply plug in your HART communicator and change whatever you want. These changes can blow up refineries, burst pipelines, release toxic chemicals, take over electric transformers, etc.
Cyber Threats to Critical Manufacturing Sector Industrial Control Systems (Hstoday) COVID-19 restrictions on the amount of onsite workers caused more critical manufacturing plants to adopt robotic process automation.
Opinion: The cybersecurity risk to our water supply is real. We need to prepare. (Washington Post) It’s rare that four government agencies issue a joint advisory on a potential threat to the basic health and welfare of the entire U.S. population. But that’s what happened in October when the FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA) and Environmental Protection Agency warned that U.S. water and wastewater systems are being targeted by “known and unknown” malicious actors.
Multiple Vulnerabilities Impact Netgear Nighthawk R6700 Routers (SecurityWeek) Netgear Nighthawk R6700v3 routers running the latest firmware are affected by multiple vulnerabilities.
Thousands of .eu websites go down in Brexit-related change (Computing) It is the final step in a four-year saga that has gone back and forth over how British .eu domain holders would be treated post-Brexit.
Hospitality Chain Says Employee Data Stolen in Ransomware Attack (SecurityWeek) Hospitality chain McMenamins confirms employee information dating back to January 1998 was compromised in a recent ransomware attack.
Shopping Platform PulseTV Discloses Potential Breach Impacting 200,000 People (SecurityWeek) PulseTV has started notifying roughly 200,000 users that their personal information and credit card data might have been compromised as a result of a cybersecurity breach.
OpenSea freezes $2.2M of stolen Bored Apes (Cointelegraph) NFT art collector toddkramer.eth told Twitter yesterday that his collection of 16 NFTs worth over $2 million was stolen and pleaded with OpenSea to freeze the assets, which they did.
Don't copy-paste commands from webpages — you can get hacked (BleepingComputer) Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal risk having their system compromised. Wizer's Gabriel Friedlander demonstrates an obvious, simple yet stunning trick that'll make you think twice before copying-pasting text from web pages.
Security Patches, Mitigations, and Software Updates
Microsoft issues emergency fix for Exchange Server date-check bug (ZDNet) The temporary fix is for a date-check failure that caused messages to get stuck in Exchange 2016 and 2019 transport queues starting January 1.
Email Stuck in Exchange On-premises Transport Queues (TECHCOMMUNITY.MICROSOFT.COM) We have addressed the issue causing messages to be stuck in transport queues of on-premises Exchange Server 2016 and Exchange Server 2019. The problem relates to a date check failure with the change of the new year and is not a failure of the AV engine itself. This is not an issue with malware scann...
Trends
Come the Metaverse, Can Privacy Exist? (Wall Street Journal) In immersive worlds, new technologies will siphon up data at an increasingly granular level—a person’s gait, eye movements, emotions and more—putting far greater strain on existing safeguards.
Marketplace
The hottest cloud security startups acquired in 2021 (TechGenix) The post-pandemic era is fueling mergers and acquisitions in the cloud security and DevOps industries, with more than 50 firms being acquired in 2021.
Corvus Insurance Acquires Lloyd’s Coverholder Tarian Underwriting Limited (Business Wire) Corvus Insurance, the leading provider of smart commercial insurance products powered by AI-driven risk data, today announced that it has acquired Tar
Google confirms it acquired cybersecurity specialist Siemplify, reportedly for $500M, to become part of Google Cloud’s Chronicle (TechCrunch) Cybersecurity breaches are at a high watermark, and so any company serious about expanding its credibility and business in enterprise IT has to continue investing in tackling it. To that end, Google is kicking off the new year by stepping up its operations in cloud-based and enterprise security. To…
Recorded Future Acquires SecurityTrails (Recorded Future) Recorded Future, the world’s largest provider of intelligence for enterprise security, today announced that it has acquired SecurityTrails, the Total Internet Inventory™ and leading provider of Attack Surface Monitoring. With the addition of SecurityTrails’ data, Recorded Future provides the foremost intelligence solution for unique threat landscape visibility, including insight […]
WISeKey to Invest up to $10 Million Over the Next Two Years to Perform Bitcoin Mining From its Swiss Mountain Secure Bunker and Adapt its Cybersecurity Technologies to Defend Against Illicit Cryptocurrency Mining Activities (GlobeNewswire News Room) WISeKey to Invest up to $10 Million Over the Next Two Years to Perform Bitcoin Mining From its Swiss Mountain Secure Bunker and Adapt its Cybersecurity...
WISeKey rallies on investing up to $10M for performing bitcoin mining (SeekingAlpha) WISeKey (WKEY) trades 11.8% higher after hours on announcing its plan to invest up to $10M over the next two years, to perform Bitcoin mining from its Geneva datacenter and a former...
Top 6 Nord Security highlights of 2021 (Yahoo Finance) As 2021 is coming to an end, we at Nord Security want to reflect on the most meaningful moments the company experienced this year. The Nord Security group is home to NordVPN, NordLayer, NordWL, NordPass, NordLocker, and Atlas VPN.
Morrison & Foerster Elects 22 Partners (PRWeb) Morrison & Foerster, a leading global law firm, is pleased to announce the election of 22 lawyers to the firm’s partnership, effective January 1, 2022. The class
Intercontinental Exchange Inc. COO Mark Wassersug Joins Sepio's Advisory Board (PR Newswire) Sepio, the leader in Zero Trust Hardware Access (ZTHA), announced today that Mark Wassersug, COO of Intercontinental Exchange Inc. (NYSE: ICE),...
Products, Services, and Solutions
CrowdStrike Beefs Up Exploit Detection With Intel CPU Telemetry (SecurityWeek) CrowdStrike is using Intel CPU telemetry to beef up detection of sophisticated exploits and to backport memory safety protections to older PCs.
Armis selects Radware to protect its AWS environment (SC Magazine) Radware’s Cloud Native Protector promises full visibility into public cloud environments.
State-of-the-art EDRs are not perfect, fail to detect common attacks (The Record by Recorded Future) A team of Greek academics has tested endpoint detection & response (EDR) software from 11 of today's top cybersecurity firms and found that many fail to detect some of the most common attack techniques used by advanced persistent threat actors, such as state-sponsored espionage groups and ransomware gangs.
Finite State Enhances Automated Zero Day Detection for Connected Devices (Business Wire) Vulnerabilities in the software supply chain are costing device manufacturers business. Threats like Treck TCP/IP and ThroughTek Kalay P2P SDK continu
Technologies, Techniques, and Standards
AT&T and Verizon Agree to New Delay of 5G Rollout (Wall Street Journal) The telecom companies said they agreed to delay their rollout of a new 5G service for two weeks, reversing course after previously declining a request by U.S. transportation officials.
The coming reckoning: Showing ROI from threat intelligence (TechCrunch) For threat intelligence teams, it appears old habits die hard. Many remain in the government intel mindset, focused on funneling data to the security operations center (SOC).
Safeguarding data and communications with quantum technology (CNA) To protect the world’s communication channels from ever-evolving risks, Toshiba makes a leap with quantum physics in the cybersecurity game.
Understanding and Protecting Kerberos – The Soft Underbelly of Cybersecurity (Redmondmag) With the advent of Active Directory more than 20 years ago, the Kerberos protocol was a game-changer in terms of security, unification, and moving AD into the realm of identity management. Learn more.
A Cyber-Attack Is A Disaster (Techwire) Key considerations for strengthening resiliency as the threats of ransomware become more pervasive.
Should businesses be concerned about APT-style attacks? (Help Net Security) As organizations move sensitive data to the cloud, the attack surface widens compounding the APT-style threat.
Don't confuse data protection with data literacy (Computing) But use storytelling to understand both
How to differentiate between data and information (Computing) Both are important, but one is useless without the other
Breaking the habit: Top 10 bad cybersecurity habits to shed in 2022 (WeLiveSecurity) Be alert, be proactive and find new ways to protect your digital world in 2022 - including by shedding these 10 bad habits.
Have a better 2022 with these tech resolutions (MIT Technology Review) Embrace the infinite inbox, avoid video chats, and other advice to help you in the new year
Research and Development
Scientists say social interaction is ‘the dark matter of AI’ (TNW) What's the missing ingredient in the secret sauce behind human-level intelligence? Is it something we can teach the machines?
Academia
NSA Schoolhouse Grows Next Generation of Cyber Leaders (SIGNAL Magazine) The U.S. National Security Agency/Central Security Service’s National Cryptologic School is expanding its reach of cyber education programs.
Legislation, Policy, and Regulation
Russia Analytical Report, Dec. 13, 2021-Jan. 3, 2022 (Russia Matters) “Biden’s goal [regarding Ukraine] will not be to propitiate Putin but to allay his vociferously expressed national security concerns. One possible road ahead might center on an ‘Austrian solution’ for Ukraine,” writes Jacob Heilbrunn, editor of the National Interest. “If Putin is willing to accede to Ukrainian neutrality rather than attempting to transform it into a puppet state or claim full suzerainty over it, then the Austrian model might serve as a possible solution to the vexed status of Ukraine.”
No One in Kyiv Knows Whether Russia Is Bluffing (Defense One) Putin is right about one thing: A free, prosperous Ukraine is a threat to his autocratic regime.
Russia’s Aggression Against Ukraine Is Backfiring (Defense One) Putin’s military moves are rallying Ukrainians and unifying NATO.
Russian attack in Ukraine should bring full-time US presence on Kremlin’s doorstep, former top generals advise (Stars and Stripes) A statement issued by the Atlantic Council think tank calls for a permanent NATO presence in the Black Sea region and the Baltic states of Lithuania, Latvia and Estonia if a Russian military buildup along the border with Ukraine turns into an incursion.
What the US misunderstands about Russia (The Australian) With thousands of Russian troops massed near Ukraine’s border, the announcement that Russia and the US soon will hold security talks is undoubtedly welcome. While a de-escalation of tensions is hardly guaranteed, it is a lot harder to talk past someone who is in the same room.
SWIFT and Certain Punishment for Russia? (Foreign Affairs) There are better ways to deter Moscow than threatening its banking access.
Iran vows revenge for Soleimani killing if Trump not put on trial (Reuters) Iranian President Ebrahim Raisi, speaking on the second anniversary of the assassination of General Qassem Soleimani by the United States, said that former U.S. President Donald Trump must face trial for the killing or Tehran would take revenge.
Attacks on U.S. Allies Raise Tensions on Anniversary of Killing of Iran’s Soleimani (Wall Street Journal) Explosive-laden drones targeted Baghdad’s airport and Yemen’s Houthi rebels seized an Emirati-flagged ship on the second anniversary of Maj. Gen. Qassem Soleimani’s death.
South Korea Has Quietly Taken Sides in the U.S.-China Rivalry (World Politics Review) South Korea's era of "strategic ambiguity" when it comes to taking sides in the great power rivalry between its historical ally and its rising neighbor is well and truly over. Quietly but surely, Seoul has moved away from seeking a middle ground between the U.S. and China, and decided to side with Washington.
CISA Sizes up Progress on National Critical Functions Work (MeriTalk) The Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) is cataloguing significant progress it has made in developing its “National Critical Functions” (NCF) framework, and pointing to next steps in the effort.
CISA Hires Bardenstein as New Tech, Cyber Strategy Lead (MeriTalk) The Cybersecurity and Infrastructure Security Agency (CISA) has hired Daniel Bardenstein as its new tech and cyber strategy lead.
With what Congress is contemplating, Homeland Security would need more phone lines (Federal News Network) Congress is contemplating a bill that would require companies to report successful cyber attacks to the federal government.
New Information Commissioner John Edwards starts today (Computing) New chief of UK data protection regulator starts with a full in-tray
Litigation, Investigation, and Law Enforcement
U.S. Catches Kremlin Insider Who May Have Secrets of 2016 Hack (Bloomberg) IT executive Vladislav Klyushin’s journey into U.S. custody is a blow to the Kremlin, say people familiar with a Russian intelligence assessment of what he may have to offer
Russian businessman's Kremlin ties could prove intelligence 'gold mine' for US, former official says (CNN) A Russian businessman who appeared in US court Monday on securities fraud charges could be a valuable asset in US efforts to gather more information on Russian interference in the 2016 election as well as other intelligence operations, former US officials tell CNN.
Putin fears insider extradited from Switzerland to US may have DEFECTED (Mail Online) Sources close to the Kremlin believe Russian businessman Vladislav Klyushin, who was indicted in the U.S., has access to documents related to the 2016 election hack, Bloomberg reported.
Putin is concerned that a Kremlin insider extradited to the United States from Switzerland may be DEFECTED. (Nokia News) A wealthy Russian businessman who was indicted in Boston late last year on hacking and insider trading charges may have had access to documents and information about the 2016 US election hacking. Late last month, Vladislav Klyushin was
Poland bought NSO hacking tools shortly after Netanyahu met Polish PM - report (Jerusalem Post) Reports of the Polish government using NSO’s spyware against the opposition surfaced in 2019 and again in early 2020.
One of Europe’s biggest suspected cryptocurrency fraudsters arrested in Spain (EL PAÍS English Edition) The Civil Guard has seized assets worth €2.5m from the 45-year-old man, who has Portuguese nationality and was detained in Valencia
ACLU Demands Answers About Transit Agency Data Breach (SecurityWeek) ACLU is demanding more answers about a data breach at the state’s public bus service, including why the personal information of state employees who don’t even work for the agency was compromised.
Exclusive: Secret Service intel saw "no indication of civil disobedience" (Newsweek) In this daily series, Newsweek explores the steps that led to the January 6 Capitol Riot.
Accounting Firm Faces Lawsuit Over Healthcare Data Breach (Health IT Security) Accounting firm Bansley and Kiener is facing a class-action lawsuit after a healthcare data breach that exposed personally identifiable information.
Broward Health Suffered Data Breach (CBS Local Miami) CBS4's Austin Carter reports a hacker gained access to personal information for patients and employees.
Morgan Stanley to Pay $60 Million to Settle Data-Breach Suit (Bloomberg) Morgan Stanley agreed to pay $60 million to settle a class action suit by consumers claiming the firm failed to safeguard their personal information.