This posting is here to collect cyber security news in December 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in December 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
435 Comments
Tomi Engdahl says:
Storage Devices of Major Vendors Impacted by Encryption Software Flaws
https://www.securityweek.com/storage-devices-major-vendors-impacted-encryption-software-flaws
Storage devices from several major vendors are affected by vulnerabilities discovered by a researcher in third-party encryption software they all use.
Earlier this month, SecurityWeek reported that Western Digital had updated its SanDisk SecureAccess product to address vulnerabilities that can be exploited to gain access to user data through brute force and dictionary attacks.
SanDisk SecureAccess, recently rebranded SanDisk PrivateAccess, is a piece of software that allows users to encrypt files and folders stored in a protected vault on SanDisk USB flash drives.
Researcher Sylvain Pelissier has discovered that the software is affected by a couple of key derivation function issues that can allow an attacker to obtain user passwords.
DataVault is advertised as a solution that provides “military grade data protection and security features” to various types of systems, including USB drives, hard drives, NAS devices, CDs and DVDs, computers, and various cloud services.
Pelissier discovered that DataVault is used by vendors such as WD (which owns SanDisk), Sony and Lexar, and the issues he identified impact the products of each company.
Pelissier used reverse engineering and various other techniques and tools to find the weaknesses that could allow brute force attacks. The CVE identifiers CVE-2021-36750 and CVE-2021-36751 have been assigned.
“It turned out that the key derivation function was PBKDF2 using 1000 iteration of MD5 to derive the encryption key,” the researcher explained. “The salt used to derive the keys is constant and hardcoded in all the solutions and all the vendors. This makes it easier for an attacker to guess the user password of a vault using time/memory tradeoff attack techniques such as rainbow tables and to re-use the tables to retrieve passwords for all users using the software. The implementation itself was incorrect and even with a randomly generated unique salt, it would be effortless to recover the password of a user.”
Tomi Engdahl says:
Another Remote Code Execution Vulnerability Patched in Log4j
https://www.securityweek.com/another-remote-code-execution-vulnerability-patched-log4j
The developers of Log4j have patched another remote code execution vulnerability affecting the widely used logging utility.
CVE-2021-44228, also known as Log4Shell, was identified in late November and it has been exploited in many attacks since early December. Since the discovery of this bug, security researchers have been increasingly interested in Log4j, which, unsurprisingly, has led to the discovery of several new vulnerabilities.
The latest flaw, tracked as CVE-2021-44832, has been patched with the release of Log4j 2.17.1, 2.12.4 and 2.3.2. The fix was released on December 28, just one day after it was reported to developers.
“Apache Log4j2 versions 2.0-beta7 through 2.17.0 are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code,” Log4j developers wrote in an advisory released on Tuesday.
Tomi Engdahl says:
Checkmarx, whose researchers discovered the latest flaw, on Tuesday published a blog post detailing CVE-2021-44832, which the cybersecurity firm described as a deserialization issue that doesn’t rely on the Lookup feature that Log4j developers disabled after the disclosure of Log4Shell to prevent abuse.
CVE-2021-44832 – Apache Log4j 2.17.0 Arbitrary Code Execution via JDBCAppender DataSource Element
https://checkmarx.com/blog/cve-2021-44832-apache-log4j-2-17-0-arbitrary-code-execution-via-jdbcappender-datasource-element/
Log4j is a highly popular logging package in Java that is used widely by developers, companies such as Google, Steam, Apple, Minecraft, and even on one of NASA’s Mars rovers utilize this package. On December 9th, the most critical zero-day exploit in recent years was discovered in log4j. The vulnerability CVE-2021-44228 was unauthenticated, zero-click RCE (Remote Code Execution) by logging a certain payload.
Following that, a big hype was created in the world and especially in the security community, making many researchers interested in logging packages. Several other vulnerabilities and bypasses were found and published since then in log4j and other logging packages, find out more on our “Variants and Updates” blog.
https://checkmarx.com/resources/homepage/apache-log4j-rce-variants-and-updates
Tomi Engdahl says:
Norwegian Media Firm Amedia Suffers Disruption Due to Cyberattack
https://www.securityweek.com/norwegian-media-firm-amedia-suffers-disruption-due-cyberattack
Norwegian media company Amedia on Tuesday announced that it fell victim to a cyberattack that forced it to shut down multiple systems.
The second largest media company in Norway, Amedia owns 50 local and regional online and printed newspapers, as well as the Avisenes Nyhetsbyrå news agency.
The cyberattack, which took place in the night between December 27 and December 28, has had an impact on systems administered by Amedia Teknologi, the media giant’s central IT company.
Amedia says that the breach has affected its ability to print newspapers, because systems responsible for newspaper, advertisement, and subscription management are not operating normally.
“The problems we experience are due to an external data attack on some of our systems. We are in the process of gaining an overview of the situation, but do not yet know the full potential for damage,” the company says.
https://amedia.no/aktuelt/nyheter/item/amedia-utsatt-for-et-alvorlig-dataangrep
Tomi Engdahl says:
University Loses 77TB of Research Data Due To Backup Error
https://m.slashdot.org/story/394505
University Loses Valuable Supercomputer Research After Backup Error Wipes 77 Terabytes of Data
Kyoto University in Japan recently suffered a technical error that wiped out a whole lot of valuable information.
https://gizmodo.com/university-loses-valuable-supercomputer-research-after-1848286983
Tomi Engdahl says:
Meanwhile, in America…
Reporter likely to be charged for using “view source” feature on web browser
https://boingboing.net/2021/12/30/reporter-likely-to-be-charged-for-using-view-source-feature-on-web-browser.html
A St. Louis Post-Dispatch reporter who viewed the source HTML of a Missouri Department of Elementary and Secondary Education website is now likely to be prosecuted for computer tampering, says Missouri Governor Mike Parson.
All web browsers have a “view source” menu item that lets you see the HTML code of the web page it is displaying.
The reporter discovered that the source code of the website contained Social Security numbers of educators. The reporter alerted the state about the social security numbers. After the state removed the numbers from the web page, the Post-Dispatch reported the vulnerability.
Soon after, Governor Parson, “who has often tangled with news outlets over reports he doesn’t like, announced a criminal investigation into the reporter and the Post-Dispatch.”
“If somebody picks your lock on your house — for whatever reason, it’s not a good lock, it’s a cheap lock or whatever problem you might have — they do not have the right to go into your house and take anything that belongs to you,” Parson said in a statement.
A commenter on the Post-Dispatch story offers a more apt analogy:
A better analogy would be you’re walking in the street past a neighbor’s house and notice their front door wide open with no one around. You can see a purse and car keys near the door. You phone that neighbor, and tell them their door is open and their purse and keys are easily visible from the street. Would Parson consider this breaking and entering?
From the Post-Dispatch:
[A] state cybersecurity specialist informed Sandra Karsten, the director of the Department of Public Safety, that an FBI agent said the incident “is not an actual network intrusion.”
Instead, the specialist wrote, the FBI agent said the state’s database was “misconfigured,” which “allowed open source tools to be used to query data that should not be public.”
“These documents show there was no network intrusion,”
the reporter should have been thanked for the responsible way he handled the matter and not chastised or investigated as a hacker.”
Tomi Engdahl says:
https://www.idownloadblog.com/2021/12/03/apple-airtag-car-thefts-report/
Tomi Engdahl says:
New Malware Uses SSD Over-Provisioning to Bypass Security Measures
By Aaron Klotz published about 12 hours ago
An almost perfect way to stealthily store malware
https://www.tomshardware.com/news/ssd-over-provisioning-vulnerability
Over-provisioning is a feature included in all modern SSDs that improves the lifespan and performance of the SSD’s built-in NAND storage. Over-provisioning in essentially just empty storage space. But, it gives the SSD a chance to ensure that data is evenly distributed between all the NAND cells by shuffling data to the over-provisioning pool when needed.
While this space is supposed to be inaccessible by the operating system — and thus anti-virus tools — this new malware can infiltrate it and use it as a base of operations.
Korean researchers at the Korea University in Seoul modeled two attacks that utilize the over-provisioned space.
SSDs rarely physically delete data, unless it’s absolutely necessary, to preserve resources.
Tomi Engdahl says:
APT Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools https://threatpost.com/aquatic-panda-log4shell-exploit-tools/177312/
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group (APT) to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a vulnerable VMware installation during an attack that involved of a large undisclosed academic institution, according to research released Wednesday. “Aquatic Panda is a China-based APT with a dual mission of intelligence collection and industrial espionage, ” wrote Benjamin Wiley, the author of the CrowdStrike report.
Tomi Engdahl says:
Firmware attack can drop persistent malware in hidden SSD area https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/
Korean researchers have developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that’s beyond the reach of the user and security solutions.
The attack models are for drives with flex capacity features and target a hidden area on the device called over-provisioning, which is widely used by SSD makers these days for performance optimization on NAND flash-based storage systems. Hardware-level attacks offer ultimate persistence and stealth. Sophisticated actors have worked hard to implement such concepts against HDDs in the past, hiding malicious code in unreachable disk sectors.
Tomi Engdahl says:
Agent Tesla Updates SMTP Data Exfiltration Technique
https://isc.sans.edu/diary/rss/28190
Agent Tesla is a Windows-based keylogger and RAT that commonly uses SMTP or FTP to exfiltrate stolen data. This malware has been around since 2014, and SMTP is its most common method for data exfiltration.
Through November 2021 Agent Tesla samples sent their emails to compromised or possibly fraudulent email accounts on mail servers established through hosting providers. Since December 2021, Agent Tesla now uses those compromised email accounts to send stolen data to Gmail addresses.
Tomi Engdahl says:
Rekisterinpitäjän tulee arvioida Log4j-haavoittuvuudesta henkilötiedoille aiheutuvat riskit https://tietosuoja.fi/-/rekisterinpitajan-tulee-arvioida-log4j-haavoittuvuudesta-henkilotiedoille-aiheutuvat-riskit
Rekisterinpitäjän tulee ilmoittaa Log4j-komponentin haavoittuvuudesta johtuvasta tietoturvaloukkauksesta tietosuojavaltuutetun toimistolle, jos hyökkäys on vaarantanut henkilötietoja. Loukkauksesta on ilmoitettava myös kohteeksi joutuneille henkilöille, jos tietojen vaarantuminen aiheuttaa heille korkean riskin. Apache Log4j-komponentista on löydetty useita kriittisiä haavoittuvuuksia.
Kyberturvallisuuskeskus varoitti Log4shell-haavoittuvuudesta 10.
joulukuuta.
Tomi Engdahl says:
LastPass VPs confirm ‘no indication’ of compromised accounts after security alerts https://www.zdnet.com/article/lastpass-vp-says-no-indication-that-accounts-compromised-or-credentials-harvested-after-reports/
Two LastPass vice presidents have released statements about the situation surrounding LastPass security issues that came to light this week. Two days ago, hundreds of LastPass users took to Twitter, Reddit, and other sites to complain that they were getting alerts about their master password being used by someone who was not them.
Some reported that even after changing their master password, someone tried to access their account again. On Tuesday, the company released a brief statement noting that its security team observed and received reports of potential credential stuffing attempts. Credential stuffing involves attackers stealing credentials (usernames, passwords, etc.) to access users’ accounts.
Tomi Engdahl says:
T-Mobile confirms SIM swapping attacks led to breach https://www.zdnet.com/article/t-mobile-confirms-sim-swapping-attacks-led-to-breach/
T-Mobile has confirmed a data breach that was caused in part by SIM swapping attacks, according to a statement from the company. The T-Mo Report, a blog tracking T-Mobile, obtained internal reports showing that some data was leaked from a subset of customers. The customers, according to The T-Mo Report, come in three varieties. Some had their customer proprietary network information (CPNI) leaked, others had their SIMs swapped and a small group suffered from both. CPNI includes information about a customer’s plan, the number of lines, the phone numbers, the billing account and more. When pressed for comment by ZDNet, T-Mobile refused to go into detail about the attack and would not say how many customers were affected in the incident.
Tomi Engdahl says:
University loses 77TB of research data due to backup error https://www.bleepingcomputer.com/news/security/university-loses-77tb-of-research-data-due-to-backup-error/
The Kyoto University in Japan has lost about 77TB of research data due to an error in the backup system of its Hewlett-Packard supercomputer.
The incident occurred between December 14 and 16, 2021, and resulted in 34 million files from 14 research groups being wiped from the system and the backup file. After investigating to determine the impact of the loss, the university concluded that the work of four of the affected groups could no longer be restored. The plan is to also keep incremental backups – which cover files that have been changed since the last backup happened – in addition to full backup mirrors.
Tomi Engdahl says:
LastPass Automated Warnings Linked to ‘Credential Stuffing’ Attack
https://www.securityweek.com/lastpass-automated-warnings-linked-%E2%80%98credential-stuffing%E2%80%99-attack
Users of the popular LastPass password manager are being targeted in so-called “credential stuffing” attacks that use email addresses and passwords obtained from third-party breaches.
That’s the official word from LastPass in response to public reports that some users received blocked access emails warnings that are normally sent to users who log in from different devices and locations.
The email notifications raised fears of a data compromise at the LogMeIn-owned startup that claims more than 30 million users and 85,000 business customers worldwide. However, in a note credited to VP of Engineering Gabor Angyal, LastPass downplayed the severity of the issue and said the warnings were linked to known credential-stuffing attacks.
Tomi Engdahl says:
Chinese Spies Exploit Log4Shell to Hack Major Academic Institution
https://www.securityweek.com/chinese-spies-exploit-log4shell-hack-major-academic-institution
China-linked cyberespionage group Aquatic Panda was recently observed exploiting the Log4Shell vulnerability to compromise a large academic institution, CrowdStrike’s Falcon OverWatch team reports.
Tracked as CVE 2021-44228 and also referred to as Log4Shell and LogJam, the security hole affects the Apache Log4j Java logging framework and has been exploited in targeted attacks since early December.
As part of a recent campaign, the OverWatch security researchers observed Aquatic Panda leveraging a modified version of the Log4j exploit for initial access, and then performing various post-exploitation operations, including reconnaissance and credential harvesting.
In their attempt to compromise the unnamed academic institution, the attackers targeted a VMware Horizon instance that employed the vulnerable Log4j library. The exploit used in this attack was initially published on GitHub on December 13.
Tomi Engdahl says:
Storage Devices of Major Vendors Impacted by Encryption Software Flaws
https://www.securityweek.com/storage-devices-major-vendors-impacted-encryption-software-flaws
Storage devices from several major vendors are affected by vulnerabilities discovered by a researcher in third-party encryption software they all use.
Earlier this month, SecurityWeek reported that Western Digital had updated its SanDisk SecureAccess product to address vulnerabilities that can be exploited to gain access to user data through brute force and dictionary attacks.
SanDisk SecureAccess, recently rebranded SanDisk PrivateAccess, is a piece of software that allows users to encrypt files and folders stored in a protected vault on SanDisk USB flash drives.
Researcher Sylvain Pelissier has discovered that the software is affected by a couple of key derivation function issues that can allow an attacker to obtain user passwords.
Pelissier detailed his findings this week at the Chaos Computer Club’s Remote Chaos Experience (rC3) virtual conference, where he revealed that the vulnerabilities were actually discovered in the DataVault encryption software made by ENC Security.
Tomi Engdahl says:
Another Remote Code Execution Vulnerability Patched in Log4j
https://www.securityweek.com/another-remote-code-execution-vulnerability-patched-log4j
The developers of Log4j have patched another remote code execution vulnerability affecting the widely used logging utility.
CVE-2021-44228, also known as Log4Shell, was identified in late November and it has been exploited in many attacks since early December. Since the discovery of this bug, security researchers have been increasingly interested in Log4j, which, unsurprisingly, has led to the discovery of several new vulnerabilities.
The latest flaw, tracked as CVE-2021-44832, has been patched with the release of Log4j 2.17.1, 2.12.4 and 2.3.2. The fix was released on December 28, just one day after it was reported to developers.
“Apache Log4j2 versions 2.0-beta7 through 2.17.0 are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code,” Log4j developers wrote in an advisory released on Tuesday.
The vulnerability has been assigned a severity rating of “moderate” with a CVSS score of 6.6, but it’s not uncommon for the severity ratings assigned to Log4j issues to change.
For example, a previously identified Log4j vulnerability, CVE-2021-45046, which can be exploited for denial-of-service (DoS) attacks, was initially classified as “medium severity” and later updated to “critical.” CVE-2021-45105, on the other hand, which is also a DoS vulnerability, was initially rated “high severity” and later changed to “medium.”
Checkmarx, whose researchers discovered the latest flaw, on Tuesday published a blog post detailing CVE-2021-44832, which the cybersecurity firm described as a deserialization issue that doesn’t rely on the Lookup feature that Log4j developers disabled after the disclosure of Log4Shell to prevent abuse.
“The complexity of this vulnerability is higher than the original CVE-2021-44228 since it requires the attacker to have control over the configuration (like the ‘logback’ vulnerability CVE-2021-42550),” Checkmarx explained.
Tomi Engdahl says:
Norwegian Media Firm Amedia Suffers Disruption Due to Cyberattack
https://www.securityweek.com/norwegian-media-firm-amedia-suffers-disruption-due-cyberattack
Norwegian media company Amedia on Tuesday announced that it fell victim to a cyberattack that forced it to shut down multiple systems.
The second largest media company in Norway, Amedia owns 50 local and regional online and printed newspapers, as well as the Avisenes Nyhetsbyrå news agency.
The cyberattack, which took place in the night between December 27 and December 28, has had an impact on systems administered by Amedia Teknologi, the media giant’s central IT company.
Amedia says that the breach has affected its ability to print newspapers, because systems responsible for newspaper, advertisement, and subscription management are not operating normally.
“The problems we experience are due to an external data attack on some of our systems. We are in the process of gaining an overview of the situation, but do not yet know the full potential for damage,” the company says.
Tomi Engdahl says:
Emails show what happened before Missouri gov. falsely called journalist a “hacker”
Officials drafted statement thanking reporter, then threatened to prosecute him.
https://arstechnica.com/tech-policy/2021/12/missouri-planned-to-thank-security-journalist-before-governor-called-him-a-hacker/
Missouri state government officials planned to publicly thank a journalist who discovered a security flaw until a drastic change in strategy resulted in the governor labeling the journalist a “hacker,” while threatening both a lawsuit and prosecution.
As we wrote on October 14, St. Louis Post-Dispatch reporter Josh Renaud identified a security flaw that exposed the Social Security numbers of teachers and other school employees in unencrypted form in the HTML source code of a publicly accessible website. Renaud and the Post-Dispatch handled the problem the way responsible security researchers do—by notifying the state of the security flaw and keeping it secret until after it was fixed.
Despite that, Missouri Gov. Mike Parson called Renaud a “hacker” and said the newspaper’s reporting was nothing more than a “political vendetta” and “an attempt to embarrass the state and sell headlines for their news outlet.”
FBI apparently told state it wasn’t a hack
That all happened even as a Federal Bureau of Investigation official apparently told the state that the journalist was not a hacker, the Post-Dispatch reported
Viewing source code isn’t illegal or “hacking”
Also caught up in the October mess was Shaji Khan, a cybersecurity professor at the University of Missouri-St. Louis who helped the Post-Dispatch journalist verify the security vulnerability. After the governor’s threats, Khan hired an attorney and sent a letter to Parson and other state officials saying that they violated his First Amendment “right to speak freely without the threat of government retaliation.” The letter adds that the state’s investigation into Khan “would violate the prohibition on malicious prosecution.”
Khan’s letter also explained that viewing a website’s unencrypted source code is not illegal or “hacking.”
“No statute in Missouri or on the federal level prohibits members of the general public from viewing publicly available websites or viewing the website’s unencrypted source code,” the letter said. “No reasonable person would think they were unauthorized to view a publicly available website, its unencrypted source code, or any of the unencrypted translations of that source code.”
The Missouri government website was designed to let the public search teacher certifications and credentials. But “a major security flaw” in the website caused it to “send the full Social Security number of Missouri teachers to every visitor to the website, whether the visitor was aware or not. That information was also programmed to be automatically stored in the visitors’ web browsers,” Khan’s letter said. The source code could easily be translated into plain text.
“None of the data was encrypted, no passwords were required, and no steps were taken by the State of Missouri to protect the Social Security numbers of its teachers that the State automatically sent to every website visitor,” Khan’s letter said.
Tomi Engdahl says:
New Malware Uses SSD Over-Provisioning to Bypass Security Measures
By Aaron Klotz published 2 days ago
An almost perfect way to stealthily store malware
https://www.tomshardware.com/news/ssd-over-provisioning-vulnerability
Tomi Engdahl says:
New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
https://thehackernews.com/2021/12/new-apache-log4j-update-released-to.html
Tomi Engdahl says:
Experts Discover Backdoor Deployed on the U.S. Federal Agency’s Network
https://thehackernews.com/2021/12/experts-discover-backdoor-deployed-on.html
Tomi Engdahl says:
Saitko Googlelta viestin Microsoft Teamsin tarvitsemasta kriittisestä päivityksestä? Tästä on kyse – päivitä, etteivät hätäpuhelut esty
https://mobiili.fi/2021/12/31/saitko-googlelta-viestin-microsoft-teamsin-tarvitsemasta-kriittisesta-paivityksesta-tasta-on-kyse-paivita-etteivat-hatapuhelut-esty/
Tomi Engdahl says:
Have I Been Pwned adds 441K accounts stolen by RedLine malware https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-441k-accounts-stolen-by-redline-malware/
The Have I Been Pwned data breach notification service now lets you check if your email and password are one of 441, 000 accounts stolen in an information-stealing campaign using RedLine malware. RedLine is currently the most widely used information-stealing malware, distributed through phishing campaigns with malicious attachments, YouTube scams, and warez/crack sites. Once installed, the RedLine malware will attempt to steal cookies, credentials, credit cards, and autocomplete information stored in browsers. It also steals credentials stored in VPN clients and FTP clients, steals cryptocurrency wallets, and can download additional software or execute commands on the infected system. The stolen data is collected into an archive, called “logs, ” and uploaded to a remote server from where the attacker can later collect them. Attackers use these logs to compromise other accounts or sell them on dark web criminal marketplaces for as little as $5 per log.
Tomi Engdahl says:
PulseTV discloses potential compromise of 200, 000 credit cards https://www.bleepingcomputer.com/news/security/pulsetv-discloses-potential-compromise-of-200-000-credit-cards/
U.S. online store PulseTV has disclosed a large-scale customer credit card compromise. As per the notification letter shared with the Office of the Maine Attorney General, more than 200, 000 shoppers have been impacted. The platform found out about a potential breach from VISA on March 8, 2021, who informed them that unauthorized credit card transactions were taking place on the site. After running some security checks and scanning for malware, PulseTV was unable to pinpoint any issues on its e-commerce website. However, the problem persisted as law enforcement contacted them a few months later regarding payment card compromises that appeared to have originated from pulsetv.com.
Tomi Engdahl says:
Chinese Spies Exploit Log4Shell to Hack Major Academic Institution
https://www.securityweek.com/chinese-spies-exploit-log4shell-hack-major-academic-institution
China-linked cyberespionage group Aquatic Panda was recently observed exploiting the Log4Shell vulnerability to compromise a large academic institution, CrowdStrike’s Falcon OverWatch team reports.
Tracked as CVE 2021-44228 and also referred to as Log4Shell and LogJam, the security hole affects the Apache Log4j Java logging framework and has been exploited in targeted attacks since early December.
As part of a recent campaign, the OverWatch security researchers observed Aquatic Panda leveraging a modified version of the Log4j exploit for initial access, and then performing various post-exploitation operations, including reconnaissance and credential harvesting.
In their attempt to compromise the unnamed academic institution, the attackers targeted a VMware Horizon instance that employed the vulnerable Log4j library. The exploit used in this attack was initially published on GitHub on December 13.
Tomi Engdahl says:
LastPass Automated Warnings Linked to ‘Credential Stuffing’ Attack
https://www.securityweek.com/lastpass-automated-warnings-linked-%E2%80%98credential-stuffing%E2%80%99-attack
Users of the popular LastPass password manager are being targeted in so-called “credential stuffing” attacks that use email addresses and passwords obtained from third-party breaches.
Tomi Engdahl says:
Storage Devices of Major Vendors Impacted by Encryption Software Flaws
https://www.securityweek.com/storage-devices-major-vendors-impacted-encryption-software-flaws
Storage devices from several major vendors are affected by vulnerabilities discovered by a researcher in third-party encryption software they all use.
Earlier this month, SecurityWeek reported that Western Digital had updated its SanDisk SecureAccess product to address vulnerabilities that can be exploited to gain access to user data through brute force and dictionary attacks.
SanDisk SecureAccess, recently rebranded SanDisk PrivateAccess, is a piece of software that allows users to encrypt files and folders stored in a protected vault on SanDisk USB flash drives.
Tomi Engdahl says:
Another Remote Code Execution Vulnerability Patched in Log4j
https://www.securityweek.com/another-remote-code-execution-vulnerability-patched-log4j
Tomi Engdahl says:
https://www.securityweek.com/norwegian-media-firm-amedia-suffers-disruption-due-cyberattack
Tomi Engdahl says:
noPac: A Tale of Two Vulnerabilities That Could End in Ransomware
Numerous public proof-of-concept exploits reveal that the noPac vulnerabilities (CVE-2021-42278 and CVE-2021-42287) are trivial to exploit and lead to privilege escalation.
https://www.secureworks.com/blog/nopac-a-tale-of-two-vulnerabilities-that-could-end-in-ransomware
Tomi Engdahl says:
Some Atlanta residents say Apple AirTags are tracking them | What to do if this happens to you
https://www.youtube.com/watch?v=GnNJdKJQry8
Tracking your lost items is becoming easier with new technology like the Apple AirTag. You can find your missing keys, wallet or purse with the press of a button. But with the solution to one problem came the advent of another; instead of using the AirTag to track items some are using them to track people.
Police reports of unwanted tracking have surfaced in Atlanta, Gwinnett County and Cobb County.
Full story: https://bit.ly/3pSYRfE
garrett metal detectors says:
I go to see daily some blogs and blogs to read content, but this webpage offers
quality based writing.