CyberIntelMag's Threat report

Weekly Cyber Threat Report, December 20 – December 24, 2021

Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.

From the good news: This week saw a lot of good news around Log4j, such as Apache releasing a new patch to fix DoS flaw in Log4j, Singapore conducting emergency talks, NVIDIA releasing a list of programs disturbed by Log4j, Honeypot experiment illustrating hackers requirements from IoT devices, CISA, FBI, and NSA releasing joint advisory and scanner about Log4j flaws.

  • Apache launched the Log4j patch v2.17.0 because the earlier version could not defend against excessive recursion in lookup evaluation and is susceptible to CVE-2021-45105, a denial of service vulnerability.
  • Reacting to the initial warning issued on December 14, Singapore organized emergency meetings with Critical Information Infrastructure (CII) sectors to prepare for potential implications of the Log4j vulnerability.
  • Meta Platforms, Facebook’s parent company, has filed a lawsuit against hackers who ran more than 39,000 phishing websites imitating Facebook, WhatsApp, and Instagram to deceive unwary users into giving their login information.
  • In an attempt to prevent users from potential cyberattacks, NVIDIA released a security alert mentioning devices vulnerable to the Log4Shell flaw.
  • Researchers at NIST and the University of Florida conducted an experiment on server farms, a vetting system, and data collection and processing infrastructure of the honeypot ecosystem to find why actors target specific IoT devices.
  • Apache Software Foundation has launched version 2.4.52 of the Apache HTTP Server (webserver) security update. It addresses two vulnerabilities tracked as CVE-2021-44790 and CVE-2021-44224.
  • CISA, FBI, and NSA have issued a joint advisory and scanner in response to the widespread exploitation of numerous vulnerabilities in Apache’s Log4j software library by malicious actors.

 

From the bad news: This week’s bad news includes Chinese hackers attacking the transportation sector, new Joker malware application being downloaded by over 500,000 Android users, Log4j flaw being exploited to install Dridex banking malware, Belgium defense ministry admitting to cyberattack via Log4j, Ubisoft acknowledging data breach, Microsoft Azure App service flaw causing customer source code leak, and others.

  • Trend Micro reported that a Chinese hacker, Tropic Trooper, has been attacking transportation companies and government entities since 2020. It aimed to acquire targeted firms’ flight schedules, financial plans, and internal documents, among other data.
  • Cyber attackers are now infecting vulnerable devices with Dridex banking malware (aka Meterpreter) by exploiting the Log4Shell flaw. It performs various harmful acts, like stealing the victim’s banking credentials, installing additional payloads, spreading to other devices, collecting screenshots, and so on.
  • TellYouThePass ransomware has resurfaced and is targeting Linux and Windows computers by exploiting the Apache Log4j CVE-2021-44228 vulnerability.
  • According to the Belgian Ministry of Defense, the Log4j vulnerability was exploited in a cyberattack against its computer network with internet access.
  • The popular game Just Dance was the target of a cyberattack on Ubisoft’s IT infrastructure. A misconfiguration caused the vulnerability that enabled unauthorized people to access and perhaps copy some personal player data.
  • Grim Finance reported that an “external adversary” had hacked the DeFi platform, taking “over $30 million” in cryptocurrency. The attacker used five reentrancy loops to compromise the protocol’s vault contract. While the platform was processing the initial transaction, they could make five other deposits into a vault.
  • For failing to report a critical security problem in the widely used Log4j logging framework on time, China’s internet regulator (MIIT) has suspended Alibaba Cloud’s partnership for six months.
  • A data breach occurred because of a phishing attempt against Monongalia Health System, a West Virginia hospital system. From May 10 – August 15, hackers had access to various email accounts having sensitive data about patients, providers, workers, and contractors.
  • A researcher discovered several flaws in the myPRO product of mySCADA (a Czech industrial automation company), including several problems with a high severity level.
  • Security experts from the Technical University of Darmstadt’s Secure Mobile Networking Group (Germany) and the University of Brescia’s CNIT (Italy) revealed that weakness in wireless chip designs might allow hackers to steal data and passwords from devices.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.

Share: