Stolen Bitcoins Returned
2021-12-22 16:20

The US has returned $154 million in bitcoins stolen by a Sony employee. On December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishii's wallet after obtaining the private key, which made it possible to transfer all the bitcoins to the FBI's bitcoin wallet.

Conti ransomware is exploiting the Log4Shell vulnerability to the tune of millions
2021-12-22 15:48

Log4Shell is a dangerous security concern - and now Conti, a prominent ransomware group, is exploiting it to attack vulnerable servers and extort millions of dollars. Log4Shell is the most severe vulnerability hitting systems at the end of 2021.

NVIDIA discloses applications impacted by Log4j vulnerability
2021-12-22 15:42

NVIDIA has released a security advisory detailing which products are affected by the Log4Shell vulnerability that is currently being exploited in a wide range of attacks worldwide. vGPU Software License Server is impacted by CVE-2021-33228 and CVE-2021-45046 on versions 2021.07 and 2020.05 Update 1.

CISA releases Apache Log4j scanner to find vulnerable apps
2021-12-22 15:23

The Cybersecurity and Infrastructure Security Agency has announced the release of a scanner for identifying web services impacted by two Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. "Log4j-scanner is a project derived from other members of the open-source community by CISA's Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities," the cybersecurity agency explains.

Four Bugs in Microsoft Teams Left Platform Vulnerable Since March
2021-12-22 14:03

Four vulnerabilities in Microsoft Teams, unpatched since March, allowed link spoofing of URLs and opened the door to DoS attacks against Android users, researchers said. Researchers from Positive Security discovered four bugs in the feature earlier this year and told Microsoft about the issues on March 10.

Major services including Slack, AWS, Hulu, Imgur facing outages
2021-12-22 13:24

Major services across the internet are currently facing ongoing networking outages. "We are experiencing issues with file uploads, message editing, and other services. We're currently investigating the issue and will provide a status update once we have more information," Slack has confirmed, with its status page continuing to show further disruptions.

Attackers bypass Microsoft patch to deliver Formbook malware
2021-12-22 09:19

Sophos Labs researchers have detected the use of a novel exploit able to bypass a patch for a critical vulnerability affecting the Microsoft Office file format. The attackers took a publicly available proof-of-concept Office exploit and weaponized it to deliver Formbook malware.

Active Directory Bugs Could Let Hackers Take Over Windows Domain Controllers
2021-12-22 08:50

Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept tool on December 12. The two vulnerabilities - tracked as CVE-2021-42278 and CVE-2021-42287 - have a severity rating of 7.5 out of a maximum of 10 and concern a privilege escalation flaw affecting the Active Directory Domain Services component.

Ransomware Empire: Who might blackmail your company?
2021-12-22 05:42

In our report "Hi-Tech Crime Trends 2021/2022. Part II. Corporansom: threat number one," Group-IB attempted to figure out how the focus of the ransomware industry shifted from advanced targeted attacks to non-targeted affiliate malware distribution programs by looking into the history of how these services developed. Using the capabilities of our Threat Intelligence & Attribution system, we looked in detail into major malware samples, tactics, techniques, and tools used by threat actors, as well as into events in the dark web that led to the emergence of today's Ransomware Empire.

CTO of Security at Salesforce talks e-commerce cybersecurity threat trends for 2022
2021-12-22 05:15

Online retailers are dealing with more cybersecurity threats than ever before, and the holiday season is when they have to fend them off most aggressively. In this interview with Help Net Security, Dr. Taher Elgamal, cryptographer, infosec leader and currently the CTO at Salesforce, talks about the obstacles retailers need to overcome to increase their cybersecurity posture and his expectations for the threat landscape in 2022.