Security News > 2021 > December

Relentless Log4j Attacks Include State Actors, Possible Worm
2021-12-15 23:18

"Our reports of the last 48 hours prove that both criminal-hacking groups and nation state actors are engaged in the exploration of this vulnerability, and we should all assume more such actors' operations are to be revealed in the coming days," Check Point added. "Log4j: based on what I've seen, there is evidence that a worm will be developed for this in the next 24 to 48 hours."

Emotet starts dropping Cobalt Strike again for faster attacks
2021-12-15 21:59

Right in time for the holidays, the notorious Emotet malware is once again directly installing Cobalt Strike beacons for rapid cyberattacks. Earlier this month, Emotet began to test installing Cobalt Strike beacons on infected devices instead of their regular payloads.

Initial access brokers: How are IABs related to the rise in ransomware attacks?
2021-12-15 20:57

Initial access brokers are cybercriminals who specialize in breaching companies and then selling the access to ransomware attackers. You might assume these cybercriminals are very skilled, since they are able to compromise a lot of companies; what if I told you they are maybe not as skilled as you might think, and that a lot of these groups simply buy the access to companies from other cybercriminals? Welcome to the world of initial access brokers.

US lawmakers want to put NSO Group, 3 other spyware makers out of business with fresh severe sanctions
2021-12-15 20:50

Eighteen US Democratic lawmakers have asked the Treasury Department and State Department to punish Israel-based spyware maker NSO Group and three other surveillance software firms for enabling human rights abuses. In a letter [PDF] signed by US Senator Ron Wyden, House Intelligence Committee Chairman Adam Schiff, and 16 others, the legislators urge Secretary of the Treasury Janet Yellen and Secretary of State Antony Blinken to apply sanctions to the NSO Group, UAE-based DarkMatter Group, and EU-based Nexa Technologies and Trovicor, under the Global Magnitsky Act.

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials
2021-12-15 20:33

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) web server module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C#-developed .NET v4.0 assembly that is intended to be loaded as a module within an IIS web server that also exposes Exchange's Outlook Web Access," Kaspersky researchers Paul Rascagneres and Pierre Delcher said.

Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware
2021-12-15 20:32

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. It's worth noting that this is in addition to the 21 flaws resolved in the Chromium-based Microsoft Edge browser.

Facebook to Pay Hackers for Reporting Data Scraping Bugs and Scraped Datasets
2021-12-15 20:32

Meta Platforms, the company formerly known as Facebook, has announced that it's expanding its bug bounty program to start rewarding valid reports of scraping vulnerabilities across its platforms, as well as reports of scraped data sets that are available online. To that end, the social media giant aims to pay for valid reports of scraping bugs in its service and to identify unprotected or openly public databases containing at least 100,000 unique Facebook user records with personally identifiable information such as email, phone number, physical address, or religious or political affiliation.

Microsoft to set Windows Terminal as default console in Windows 11
2021-12-15 20:19

Microsoft is working on making Windows Terminal the default terminal emulator program in Windows 11 instead of the Windows Console Host, starting next year. Unlike the current default app, the Windows Terminal app comes with support for multiple console tabs in a single window and choosing between the cmd shell, PowerShell, and Linux distro shells installed via the Windows Subsystem for Linux.

Malicious Exchange Server Module Hoovers Up Outlook Credentials
2021-12-15 19:34

Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access. "The particular danger with Owowa is that an attacker can use the module to passively steal credentials from users who are legitimately accessing web services," he explained.
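Both Owowa items above describe the same mechanism: a .NET assembly registered as an IIS managed module so it runs inside the worker process that serves OWA and sees every login. The practical check is therefore to enumerate the managed modules IIS will load for the OWA application and compare them against a known-good list. The script below is an added example written for this page; it is not code from the page, from Kaspersky, or from any Exchange tooling. The baseline file path, the OWA site path and the directories searched for module assemblies are assumptions to adjust for the host, and the baseline must be generated on a clean server of the same Exchange build before it is trusted.

```powershell
# Added example (not from the page or from Kaspersky): list the managed (.NET) IIS
# modules effective for the OWA application and flag any not present in a baseline
# recorded on a known-good host. Run in an elevated PowerShell on the Exchange server.
Import-Module WebAdministration

# Assumed paths; change for your environment. ExchangeInstallPath is set by Exchange setup.
$BaselinePath = 'C:\Baseline\iis-managed-modules.txt'
$OwaAppPath   = 'IIS:\Sites\Default Web Site\owa'

function Get-OwaManagedModules {
    # Server-level registrations (applicationHost.config) plus the modules effective
    # for the OWA application itself, de-duplicated on name and type.
    $server = Get-WebManagedModule
    $owa    = Get-WebManagedModule -PSPath $OwaAppPath
    @($server) + @($owa) |
        Select-Object Name, Type, Precondition |
        Sort-Object Name, Type -Unique
}

function Find-ModuleAssembly([string]$TypeString) {
    # A managed module's 'type' is assembly-qualified:
    #   "Namespace.Class, AssemblyName, Version=..., Culture=..., PublicKeyToken=..."
    # Take the assembly name and look for its DLL under the GAC and the Exchange install tree
    # (assumed search roots; extend if your modules live elsewhere).
    $parts = $TypeString -split ','
    if ($parts.Count -lt 2) { return $null }
    $asm   = $parts[1].Trim()
    $roots = @("$env:windir\Microsoft.NET\assembly", "$env:windir\assembly", $env:ExchangeInstallPath) |
        Where-Object { $_ -and (Test-Path $_) }
    Get-ChildItem -Path $roots -Recurse -Filter "$asm.dll" -ErrorAction SilentlyContinue |
        Select-Object -First 1
}

$modules = Get-OwaManagedModules

if (-not (Test-Path $BaselinePath)) {
    # First run: record what is present. Only keep this file if the host is known-good.
    New-Item -ItemType Directory -Force -Path (Split-Path $BaselinePath) | Out-Null
    $modules | ForEach-Object { "$($_.Name)|$($_.Type)" } | Set-Content -Path $BaselinePath
    Write-Warning "No baseline found. Wrote current module list to $BaselinePath"
    return
}

$known   = Get-Content -Path $BaselinePath
$suspect = $modules | Where-Object { $known -notcontains "$($_.Name)|$($_.Type)" }

if (-not $suspect) {
    Write-Host 'No managed modules outside the baseline.'
    return
}

# For each unknown module, locate the backing DLL and record hash and signature status
# so the finding can be triaged and shared.
foreach ($m in $suspect) {
    $dll = Find-ModuleAssembly $m.Type
    [pscustomobject]@{
        Name         = $m.Name
        Type         = $m.Type
        Precondition = $m.Precondition
        Image        = if ($dll) { $dll.FullName } else { '<not found under searched roots>' }
        SHA256       = if ($dll) { (Get-FileHash -Algorithm SHA256 -Path $dll.FullName).Hash } else { $null }
        Signature    = if ($dll) { (Get-AuthenticodeSignature -FilePath $dll.FullName).Status } else { $null }
    }
}
```

A module that is absent from the clean baseline, unsigned, or backed by a DLL outside the GAC and the Exchange install directory is what to pull for analysis. Because the registration lives in IIS configuration rather than in the Exchange install, it is not removed by Exchange updates, so the comparison is worth repeating after every patch cycle rather than once.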

SAP Kicks Log4Shell Vulnerability Out of 20 Apps
2021-12-15 19:31

SAP has identified 32 apps that are affected by CVE-2021-44228 - the critical vulnerability in the Apache Log4j Java-based logging library that's been under active attack since last week. Thomas Fritsch, an SAP security researcher at enterprise security firm Onapsis, said in his SAP Patch Tuesday writeup that the number of HotNews Notes may seem high, but one of them - #3089831, tagged with a CVSS score of 9.9 - was initially released on SAP's September 2021 Patch Tuesday.