IT Security Newsletter - 12/20/2021
Logistics giant warns of BEC emails following ransomware attack
Hellmann Worldwide is warning customers of an increase in fraudulent calls and emails regarding payment transfer and bank account changes after a recent ransomware attack. The attack took place on December 9 and forced the logistics company to shut down its systems to contain the spread of the virus. However, by the time the firm's IT team responded, the actors had already exfiltrated sensitive files from the accessed servers to be used as a pressure lever in the ransom payment negotiation stage.
Chinese Hackers Spotted Targeting Transportation Sector
Since the middle of 2020, a Chinese state-sponsored threat actor called 'Tropic Trooper' has been targeting transportation organizations and government entities related to the transportation sector, Trend Micro reports. Also known as Earth Centaur and KeyBoy, the advanced persistent threat (APT) has been around since 2011, conducting espionage campaigns against organizations in government, healthcare, high-tech, and transportation sectors in Hong Kong, the Philippines, and Taiwan.
Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS
All set for the weekend? Not so fast. Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga started last week, security experts have time and time again recommended version 2.16 as the safest release to be on. That changes today with version 2.17.0 out that fixes a seemingly-minor, but 'High' severity Denial of Service (DoS) vulnerability that affects log4j 2.16.
Serious Security: OpenSSL fixes "error conflation" bugs - how mixing up mistakes can lead to trouble
Amidst the ongoing brouhaha created by the apparently omnipresent Log4Shell security vulnerability, it's easy to lose track of all the other things that you should, and normally would, be working on anyway. Indeed, the UK's National Cyber Security Centre (NCSC) is warning that: Remediating [the Log4Shell] issue is likely to take weeks, or months for larger organisations.
TellYouThePass ransomware revived in Linux, Windows Log4j attacks
Threat actors have revived an old and relatively inactive ransomware family known as TellYouThePass, deploying it in attacks against Windows and Linux devices targeting a critical remote code execution bug in the Apache Log4j library. KnownSec 404 Team's Heige first reported these attacks on Twitter on Monday after observing that the ransomware was dropped on old Windows systems using exploits abusing the flaw tracked as CVE-2021-44228 and known as Log4Shell.
How Risky Is the Log4J Vulnerability?
There is no doubt that the recently publicized vulnerability in Log4j is a serious one and security teams should be spending time assessing the organization's exposure. The vulnerability, CVE-2021-44228, was rated a 10.0 -- the highest possible score -- under the Common Vulnerability Scoring System (CVSS), which is used to assess the severity of a vulnerability so that security defenders can decide how to prioritize their response activities.
Russian Cyberspy Groups Start Exploiting Log4Shell Vulnerability
Russia has been added to the list of nation states targeting the recently disclosed Log4Shell vulnerability, with exploitation attempts linked to several of the country's cyberespionage groups. Exploitation of the Log4j vulnerability tracked as CVE-2021-44228, Log4Shell and LogJam started in early December, with initial attack reports describing activity associated with profit-driven cybercriminals delivering cryptocurrency miners, DDoS malware, ransomware and other malicious programs.
- ...in 1868, businessman Harvey Firestone, founder of the Firestone Tire and Rubber Company, is born in Columbiana, OH.
- ...in 1946, the beloved Frank Capra classic "It's A Wonderful Life" opens in New York City. Surprisingly, it was a box office bomb, losing over $525,000 for RKO.
- ...in 1954, novelist Sandra Cisneros ("The House on Mango Street") is born in Chicago, IL.
- ...in 2007, Queen Elizabeth II becomes the oldest living monarch of the United Kingdom, surpassing Queen Victoria's nearly 82-year lifespan.