IT Security Newsletter - 12/23/2021

Top News

Five Eyes Nations Issue Joint Guidance on Log4j Vulnerabilities

Government agencies in the United States, Canada, the United Kingdom, Australia and New Zealand on Wednesday announced the release of a joint cybersecurity advisory to provide guidance on addressing the recently disclosed vulnerabilities affecting the widely used Log4j logging utility. Governments around the world have been warning organizations about the risks posed by the recent Log4j vulnerabilities.


Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

Don't duck at the latest mention of Apache: Two critical bugs in its HTTP web server - HTTPD - need to be patched pronto, lest they lead to attackers triggering denial of service (DoS) or bypassing your security policies. Apache, the open-source software foundation behind the Log4J logging library that's been making for so many Log4Shell headlines, on Monday put out an update to fix the two bugs in HTTPD, which is a web server that's right up there with Log4j in its ubiquity.

Hacking

Watch out for Christmas 2021 credential stuffing attacks!

Research from Arkose Labs has revealed that there were over two billion credential stuffing attacks (2,831,028,247) during the last 12 months, growing exponentially during the period from October 2020 to September 2021. The spike in this type of online fraud has seen an enormous 98 per cent increase from the previous year and is expected to peak during the Christmas shopping months.

Trends

Honeypot experiment reveals what hackers want from IoT devices

A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. More specifically, the honeypot was meant to create a sufficiently diverse ecosystem and cluster the generated data in a way that determines the goals of adversaries. IoT (Internet of Things) devices are a booming market that includes small internet-connected devices such as cameras, lights, doorbells, smart TVs, etc.

Malware

Dridex malware trolls employees with fake job termination emails

A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message. Dridex is a banking malware spread through malicious emails that was initially developed to steal online banking credentials. Over time, the developers evolved the malware to use different modules that provide additional malicious behavior.

Information Security

FBI traces and grabs back $150 million theft that was turned into bitcoins

On December 1, 2021, the Tokyo police arrested an employee of Sony Life Insurance on suspicion of fraudulently obtaining 17 billion yen through an illegal money transfer from an overseas unit. On the same day 3,879 bitcoins, worth about $150 million, were seized by law enforcement, and on December 20 the US government took action in federal court to return it to Sony.

Exploits/Vulnerabilities

CISA's New Log4j Scanner Aims to Find Vulnerable Apps

The Cybersecurity and Infrastructure Security Agency (CISA) has released an open source scanner that businesses can use to find Web services vulnerable to Log4j remote code execution vulnerabilities CVE-2021-44228 and CVE-2021-45046. "Log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by log4j vulnerabilities," CISA officials wrote on GitHub.


Fisher Price's Bluetooth reboot of pre-school play phone has adult privacy flaw

A Bluetooth phone designed to evoke the carefree days of early childhood has been found to instead threaten the very adult prospect of being surveilled in your home. The phone is the Fisher Price Chatter Special Edition, a device that adds Bluetooth and a speaker to the smiling, brightly coloured, wheeled, rotary dial phone on which it's previously been possible to make calls only by using one's imagination.

On This Date

  • ...in 1929, jazz trumpeter and singer Chet Baker is born in Yale, OK.
  • ...in 1947, the electrical transistor, which revolutionized the electronics field and paved the way for smaller and cheaper technology, is first demonstrated at Bell Labs.
  • ...in 1964, Pearl Jam lead singer and songwriter Eddie Vedder is born in Evanston, IL.
  • ...in 1984, Burt Rutan's experimental Voyager aircraft becomes the first to fly non-stop around the world without refueling.