Dateline the Internet: the Log4j vulnerabilities and other open-source risks.
CISA discusses progress on Log4shell (as other open-source vulnerabilities are reported). (The CyberWire) CISA describes the response to Log4shell, and, while it sees "a long tail" remaining, on balance the agency has a good news story to report. Meanwhile, other open-source libraries present risks.
Microsoft and the FTC Say Attackers Still Not Done with Log4Shell (Cyware Labs) Public and private organizations alike, including Microsoft and the U.S. Federal Trade Commission (FTC), are alerting organizations against continuous attacks exploiting Log4Shell since December 2021.
Log4Shell-like security hole found in popular Java SQL database engine H2 (Naked Security) “It’s Log4Shell, Jim,” as Commander Spock never actually said, “But not as we know it.”
Log4Shell-Like Vulnerability Found in Popular H2 Database (SecurityWeek) A critical, unauthenticated remote code execution vulnerability has been impacting the H2 database console since 2008.
JNDI-Related Vulnerability Discovered in H2 Database Console (JFrog) Critical JNDI-based vulnerability exploiting the same root cause of Log4Shell. Read more from the JFrog Security Research Team describing the attack vector
Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps (BleepingComputer) Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some surmised if the NPM libraries had been compromised, but it turns out there's more to the story.
Nubeva Releases Log4j Auto HotPatcher with Free-Trial of Ransomware Reversal Solution (StreetInsider.com) Nubeva Technologies (TSX-V: NBVA, OTC: NBVAF), a developer of B2B next-generation ransomware solutions, announces the immediate availability of a Log4J Auto HotPatcher tool with a free-trial to a limited edition of the company’s Ransomware Reversal technology.
Attacks, Threats, and Vulnerabilities
Disruption at one of two undersea cables to Svalbard (The Independent Barents Observer) There is no redundancy between the Arctic archipelago and mainland Norway after loss of power in the area where the fiberoptic cable follows the seabed down to a depth of 2,700 meters in the Greenland Sea.
Russian harm to underwater cables could be 'act of war', UK defence chief warns (Computing) Russia's underwater operations are focused on exploiting the world's communication and information systems, Admiral Sir Tony Radakin has warned
Russia could threaten internet cables in underwater attacks—navy chief (Newsweek) Admiral Sir Tony Radakin, 56, confirmed any such move could be viewed as an act of war.
Common Office Desk Phone Could Be Leaking Info to Chinese Government, Report Alleges (Defense One) Phones by Yealink have been observed sending encrypted messages to Chinese servers three times a day.
FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware (The Record by Recorded Future) The US Federal Bureau of Investigation says that FIN7, an infamous cybercrime group that is behind the Darkside and BlackMatter ransomware operations, has sent malicious USB devices to US companies over the past few months in the hopes of infecting their systems with malware and carrying out future attacks.
Uber ignores vulnerability that lets you send any email from Uber.com (BleepingComputer) A vulnerability in Uber's email system allows just about anyone to send emails on behalf of Uber. Uber is aware of the flaw but has decided not to fix it for now.
Eight New macOS Malware Families Emerged in 2021 (SecurityWeek) Eight new macOS malware families emerged in 2021, including ElectroRAT, SilverSparrow, XcodeSpy, ElectrumStealer, WildPressure, XLoader, ZuRu, and CDDS.
Doxbin Gets…Doxxed? Leak Purportedly Sourced From Paste Site Exposes More Than 41,000 User Credentials (Flashpoint) On January 5, a threat actor on the illicit forum XSS posted a leak allegedly sourced from Doxbincom, a well known paste site where users would post
Police fear made this Hacker group to issue a decryptor (TheDigitalHacker) To decrypt the encrypted data of one of its victims, the AvosLocker ransomware organization had to issue a free decryptor. The news came after the
Finland's biggest bank reports cyberattack (Yle News) Sunday's disruption followed a warning of fraudulent text messages sent in the OP bank's name on Friday.
Online Pharmacy Service Ravkoo Discloses Data Breach (SecurityWeek) A cyberattack targeting Ravkoo’s AWS-hosted portal resulted in unauthorized access to patient data.
Ransomware attack disrupts operations at Bernalillo County (KOB 4) Bernalillo County officials say their operations are severely limited because of a ransomware attack earlier this week. As of Wednesday morning, the county has basically been offline.
Cyberattack leads to jail lockdown, violations (Albuquerque Journal) County says its inability to access cameras is 'concerning'
Finalsite Status (Finalsite) Update - All websites have now been restored. Messages and eNotify are both fully operational.
Ransomware attack shuts school websites globally (The Sentinel Assam) In a serious ransomware attack, hackers have hit an education technology company, Finalsite, shutting down thousands of school websites and nearly 5,000 alone in the US. Finalsite provides school...
Nearly 5,000 US School Websites Face Shutdown Amid Ransomware Attack (India.com) Nearly 5,000 school websites were forced to shut down in the US due to a serious ransomware attack. Earlier this week, at least 8,000 schools globally, hosted by Finalsite, discovered that they were no longer accessible or displayed errors.
OCBC phishing scam left victim broke and starving on Christmas Day (TODAY) Being penniless and hungry on Christmas Day was not something that 33-year-old Trisha (not her real name), whose OCBC bank account was targeted by scammers through an SMS phishing scam on Christmas Eve last month, ever imagined could happen to her.
Rapid window title changes cause ‘white screen of death’ (BleepingComputer) Experimentation with ANSI escape characters on terminal emulators has led to the discovery of multiple high-severity DoS (denial of service) vulnerabilities on Windows terminals and Chrome-based web browsers.
Security Patches, Mitigations, and Software Updates
Salesforce to require MFA for all users starting next month (The Record by Recorded Future) Salesforce, the world's largest customer relationship management (CRM) platform, said that customers must have a form of multi-factor authentication (MFA) turned on starting next month, or they won't be able to access their accounts.
Trends
My first impressions of web3 (Moxie Marlinspike) Despite considering myself a cryptographer, I have not found myself particularly drawn to “crypto.” I don’t think I’ve ever actually said the words “get off my lawn,” but I’m much more likely to click on Pepperidge Farm Remembers flavored memes about how “crypto” used to mean “cryptography” than I am the latest NFT drop.
Marketplace
Cyber Ninjas CEO Launched Second Company Last Year (Zero Day) A spokesman for the controversial company said Thursday that it was dissolving and laying off the CEO and all employees, after a court levied heavy fines against it. But the CEO has a second company.
Hacking: Demand for products from the NSO Group and Co. does not decrease (Market Research Telecast) A shock wave has reverberated across Israel in recent months. The multi-billion dollar Israeli company NSO Group, which has been selling hacking tools to governments…
What Investors Learned From the Elizabeth Holmes Trial: ‘Zero’ (Bloomberg) Lure of hot market overshadows risks despite lesson of Theranos
The Pointless Parable of Elizabeth Holmes (Bloomberg) Is there a lesson to be learned from Theranos? Is anyone learning it?
10 Hot Cybersecurity Companies You Should Watch In 2022 (CRN) Many of the industry’s most successful cybersecurity companies will in 2022 prioritize integrating major acquisitions, executing on new channel and technology partnerships, and expanding their services capabilities.
Sophos brings in Citrix's Charles de Jesus for A/NZ channel leadership (ARN) Sophos has appointed Citrix talent Charles de Jesus to lead its Australian and New Zealand channel in a bid to continue its regional "momentum".
Technologies, Techniques, and Standards
What to Know About Ransomware Crisis Planning (Health Tech Magazine) In the event that a ransomware attack hits a healthcare organization, leaders need to have a defined strategy already prepared.
The positive side of ransomware for data transformation (VentureBeat) We all know about the evils of ransomware, but let’s talk about its positive side for data, data management, and data transformation.
Countering Ransomware with MITRE ATT&CK® 101 Guide (AttackIQ) Developing a security program that revolves around threat-informed defense is a challenge that’s well worth the effort.
Plugging the holes: How to avoid data breaches in 2022 (AppleMagazine) Cybersecurity is one of the hottest topics in business. It is hardly surprising, given the fact that many companies, particularly the smaller ones, are frequently targeted by cybercriminals who would...
Design and Innovation
The End of Car Keys, Passwords and Fumbling With Your Phone at Checkout (Wall Street Journal) The ultra-wideband, or UWB, technology that powers Apple’s AirTags could reshape how we interact with devices—if companies can overcome privacy concerns and other hurdles.
Here’s the truth about the crypto miner that comes with Norton Antivirus (The Verge) Doesn’t go behind your back, does have a tax.
500M Avira Antivirus Users Introduced to Cryptomining (KrebsOnSecurity) Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn't alone in this dubious endeavor: Avira antivirus -- which…
NGA working with NRO to target satellite imagery 'deep fakes' (Breaking Defense) NGA's Chief Information Office Mark Andress said he has an entire engineering team dedicated to certifying the accuracy and validity of imagery products and the metadata around them.
The creator of bitcoin remains mysterious for a reason – unhooding him could bring them crashing down (The Economic Times) The 2021 British dark comedy directed by Tom Sands, Decrypted, is about a US National Security Agency team that kidnaps Nakamoto, and tortures him in an attempt to winkle out information that will destroy the entire cryptocurrency industry
Academia
Cyber Command partners with US universities to prepare graduates for military cyber roles (The Record by Recorded Future) US Cyber Command announced last week a partnership with 84 colleges and universities from 34 states and the District of Columbia aimed at educating and preparing graduates for cybersecurity roles in the US military.
Legislation, Policy, and Regulation
Iran blacklists 51 American officials, commanders for involvement in Gen. Soleimani assassination (PressTV) Iran blacklists 51 American officials and commanders for their involvement in the US assassination of General Soleimani 2 years ago.
Sullivan warns Iran of 'severe consequences' if American citizens are attacked (TheHill) White House national security adviser Jake Sullivan on Sunday warned Iran that it would face "serious consequences" if any U.S. citizens are attacked after Iranian officials sanctioned multiple Americans.
Former Trump UN Envoy Feels ‘Honoured’ After Getting Added to Iran’s Terror Listing (Sputnik) The Islamic Republic sanctioned 51 senior former and current US officials on Saturday over their suspected role in the 2020 drone strike assassination of Qasem Soleimani – Iran’s top anti-terror commander, as well as “the glorification of terrorism” generally.
Kazakhstan officials say 164 are dead in protests, country now ‘stabilized’ (Washington Post) Kazakhstan government officials said Sunday that government buildings and institutions in all regions were back under state control after days of violence and bloodshed amid sweeping anti-government protests.
Putin claims victory in defending Kazakhstan from revolt (Reuters) Russian President Vladimir Putin claimed victory on Monday in defending Kazakhstan from what he described as a foreign-backed terrorist uprising, and promised leaders of other ex-Soviet states that a Moscow-led alliance would protect them too.
Putin, after Kazakh unrest, says Russian-led bloc will stymie any coups (Reuters) Russian President Vladimir Putin on Monday blamed Kazakhstan's violent unrest on destructive internal and external forces, and said the Russian-led CSTO military alliance would not allow its member governments to be toppled in ex-Soviet "colour revolutions".
Moscow blasts U.S. after Antony Blinken questions Russian troops in Kazakhstan (Newsweek) Russian officials suggested Blinken look at U.S. history after stating "once Russians are in your house, it's sometimes very difficult to get them to leave."
What's Russia Doing in Kazakhstan? (Wall Street Journal) After a steep rise in gas prices, violent protests broke out in the Central Asian nation of Kazakhstan. Dozens have been killed, most of the country's government has resigned and, now, Russian-led forces are entering the country to intervene. WSJ's James Marson traces the roots of these protests.
US, Russia meet for talks amid tensions over Ukraine (Military Times) No major breakthrough is expected.
Russia Thinks America Is Bluffing (Foreign Affairs) To deter a Ukraine invasion, Washington’s threats need to be tougher.
How Russia’s Military Is Positioned to Threaten Ukraine (New York Times) Russian forces now surround Ukraine on three sides, and Western officials fear a military operation could start as soon as this month.
Biden administration says 'no firm commitment' will be made during talks with Russia (CNBC) The Russian Embassy in Washington, D.C., did not immediately respond to CNBC's request for comment.
U.S. plans to discuss missile deployments with Russia as part of effort to defuse Ukraine crisis (Washington Post) Negotiators for the United States are planning to show up to talks with their Russian counterparts Monday with proposals to discuss the placement of missiles and scope of military exercises in Europe, according to people familiar with the plans.
If we offered Russia a bridge out of conflict, would they buy it? (The Week) The mistaken assumption undergirding U.S.-Russia diplomacy
When It Comes to Strategic Rivalries, History Doesn’t Take Sides (World Politics Review) The Russia-Ukraine crisis and the one-year anniversary of the Capitol insurgency are not directly related. But they both make up parts of a difficult challenge facing U.S. policymakers: how to preserve Washington’s global leadership role at a time when its model of governance is increasingly called into question.
Analysis: Hong Kong's free press is being 'gutted.' Here's what the world loses (CNN) In the past year, two of Hong Kong's biggest pro-democracy media outlets were toppled after enormous government pressure, a series of arrests and police raids on their newsrooms.
Bipartisan Group of Senators Calls for Agency Update on Cybersecurity Plans for Transportation (Hstoday) The Senators say that many state and local transit agencies “are not fully equipped to implement more than basic cybersecurity protections".
BluePrint Data’s Calls for Classifying Ransomware and Internet Security as National Security Priority (IT News Online)
Litigation, Investigation, and Law Enforcement
Kazakhstan’s Former Security Chief Is Detained on Treason Charges (Wall Street Journal) More than 4,400 people, including foreign citizens, are being held in connection with protests venting frustration with the economy and closely controlled political system.
UK ICO wants to talk to Meta about child protection in VR (Computing) If the Oculus headset is found to break child safety rules, Meta could face a fine of up to four per cent of its annual global turnover
Arizona Republican Slams Cyber Ninjas After It Shuts Down, Refuses to Release Documents (Newsweek) A Republican official from Maricopa County slammed Cyber Ninjas—the controversial Florida-based company behind a partisan audit of Arizona's 2020 election results—after it said it was "insolvent" and confirmed it would shut down on Thursday.
Elgar Parishad case lawyer claims phone hacked using Pegasus, offers device to SC-appointed panel for probe (India Today) Lawyer Nihal Singh Rathod has written to the committee appointed by the Supreme Court to probe the Pegasus spyware scandal to say he has reasons to believe his mobile phone was hacked. He has also offered his mobile phone for examination by the panel.
Gullible users, lack of regulation, spur crypto cyber crimes in India (Mint) Stealing cryptos from wallets through phishing or tricking people into spending on unknown or fake cryptos such as Morris coin are some of the ways in which crypto owners and investors have been targeted by scammers and hackers recently
War room to fight cyber wars, secure economy (The Sunday Guardian Live) A comprehensive policy must be put together to ring fence cyber fraudsters, mafia and hackers to insulate Indian financial markets. Even as the RBI readies its plans to launch digital rupee later this year, government and the banking regulator’s big focus will have to be on insulating Indian economy from cyber
We regularly warn of impending threats, says Sanjay Bahl, DG, CERT-In (The Week) Interview/ Sanjay Bahl, DG, CERT-In
Cyber crime: There is not a single institution where the buck stops (The Week) Around 1.3 billion Indians have a unique digital identity; 750 million use
How Signal is playing with fire (Platformer) A push into untraceable payments could put end-to-end encryption at risk
Israeli security gear helps in combating cybercrime and terror (Weekly Blitz) Security gear invented and manufactured by Israel is helping a large number of nations, including several Muslim nations, in combating cybercrime and terrorist activities. Amongst the prominent manufacturers of security apparatus, Cellebrite is one of the Israeli companies, where its Universal Forensic Extraction Device is used in the investigations of the crucial cybercrime and activities […]
California Man Pleads Guilty Over Role in $50 Million Fraud Scheme (SecurityWeek) A California man this week admitted before a U.S. district judge to his role in a $50 million internet-enabled fraud scheme.
Court Orders Twitter Reveal Anonymous Tweeter Over Sketchy Copyright Claim, Because That Tweeter Won't Show Up In Court (Techdirt) Back in November we wrote about a very bizarre attempt to abuse copyright law to uncover who was behind a Twitter account, @CallMeMoneyBags. That account tweeted out various things mocking and shaming various extremely wealthy people, including...
Tech Startup Wants To Gamify Suing People Using Crypto Tokens (Vice) The new company plans to let everyday Americans bet on civil lawsuits by buying and trading associated crypto tokens in "initial litigation offerings."
Victims of $200 million hack of BitMart crypto exchange still waiting to get their money back (The Verge) Users have been waiting for over a month.