IT Security Newsletter - 12/13/2021

Top News

The Log4Shell 0-day, four days on: What is it, and how bad is it really?

Log4Shell is the name given to a critical zero-day vulnerability that surfaced on Thursday when it was exploited in the wild in remote-code compromises against Minecraft servers. The source of the vulnerability was Log4J, a logging utility used by thousands if not millions of apps, including those used inside just about every enterprise on the planet. The Minecraft servers were the proverbial canary in the coal mine. In the four days since, it's clear Log4Shell is every bit as grave a threat as I claimed. READ MORE...


Researchers release 'vaccine' for critical Log4Shell vulnerability

Researchers from cybersecurity firm Cybereason have released a "vaccine" that can be used to remotely mitigate the critical 'Log4Shell' Apache Log4j code execution vulnerability running rampant through the Internet. Apache Log4j is a Java-based logging platform that can be used to analyze web server access logs or application logs. The software is heavily used in the enterprise, eCommerce platforms, and games, such as Minecraft, which rushed out a patched version earlier today. READ MORE...

Breaches

Volvo Cars discloses security breach leading to R&D data theft

Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers. "Volvo Cars has become aware that one of its file repositories has been illegally accessed by a third party," the company disclosed today. "Investigations so far confirm that a limited amount of the company's R&D property has been stolen during the intrusion. Volvo Cars has earlier today concluded, that there may be an impact on the company's operation." READ MORE...


Irish Health Service ransomware attack happened after one staffer opened malware-ridden email

Ireland's Health Service Executive (HSE) was almost paralysed by ransomware after a single user opened a malicious file attached to a phishing email, a consultancy's damning report has revealed. Issued today, the report from PWC (formerly known as PriceWaterhouseCoopers) said that the hugely harmful Conti ransomware infection was caused because of the simplest attack vector known to infosec: spam. READ MORE...

Software Updates

Telehealth app Doxy.me is fixing a leak that exposed patient data to Facebook, Google

Telehealth platform Doxy.me is fixing an issue that allowed three third-party firms to access the names of some patients' providers, the company told CyberScoop after it notified the company of the problem. The company, which self-reports as holding 30% of the growing U.S. telemedicine market and is currently used by over 1 million providers worldwide, appeared to also be sharing IP addresses and unique device identification numbers with Google, Facebook and the marketing software company HubSpot. READ MORE...

Malware

Microsoft: These are the building blocks of QBot malware attacks

As QBot campaigns increase in size and frequency, researchers are looking into ways to break the trojan's distribution chain and tackle the threat. Over the past few years, Qbot (Qakbot or QuakBot) has grown into widely spread Windows malware that allows threat actors to steal bank credentials and Windows domain credentials, spread to other computers, and provide remote access to ransomware gangs. READ MORE...


Mirai-Based 'Manga' Botnet Targets Recent TP-Link Vulnerability

A newly discovered variant of the Mirai-based Manga botnet is targeting a vulnerability in TP-Link routers that was addressed last month. Tracked as CVE-2021-41653, the bug affects the TL-WR840N EU v5 home wireless router devices running firmware iterations up to version TL-WR840N(EU)_V5_171211. TP-Link released an update that patches the flaw on November 12, the same day the flaw was made public. READ MORE...

Exploits/Vulnerabilities

Log4Shell explained - how it works, why you need to know, and how to fix it

In this article, we explain the Apache Log4Shell vulnerability in plain English, and give you some simple educational code that you can use safely and easily at home (or even directly on your own servers) in order to learn more. Just to be clear up front: we're not going to show you how to build a working exploit, or how to set up the services you need in the cloud to deliver active payloads. READ MORE...

On This Date

  • ...in 1925, actor and comedian Dick Van Dyke ("Mary Poppins", "The Dick Van Dyke Show") is born in West Plains, MO.
  • ...in 1957, actor Steve Buscemi ("Fargo", "Boardwalk Empire") is born in New York City.
  • ...in 1972, Apollo 17 astronauts Eugene Cernan and Harrison Schmitt begin their final EVA "moonwalk" on the lunar surface. They are still the last humans to set foot on the Moon.
  • ...in 1978, the first Susan B. Anthony dollars are struck at the Philadelphia Mint.