Security News

"Our reports of the last 48 hours prove that both criminal-hacking groups and nation state actors are engaged in the exploration of this vulnerability, and we should all assume more such actors' operations are to be revealed in the coming days," Check Point added. Log4J: based on what I've seen, there is evidence that a worm will be developed for this in the next 24 to 48 hours.

Right in time for the holidays, the notorious Emotet malware is once again directly installing Cobalt Strike beacons for rapid cyberattacks. Earlier this month, Emotet began to test installing Cobalt Strike beacons on infected devices instead of their regular payloads.

Initial access brokers are cybercriminals who specialize in breaching companies and then selling the access to ransomware attackers. You might assume these cybercriminals are very skilled, since they are able to compromise a lot of companies; what if I told you they are maybe not as skilled as you might think, and that a lot of these groups simply buy the access to companies from other cybercriminals? Welcome to the world of initial access brokers.

Last Thursday security researchers began warning that a vulnerability tracked as CVE-2021-44228 in Apache Log4j was under active attack and had the potential, according to many reports, to break the internet. To its credit, Apache hastily released a patch to fix Log4Shell with Log4j version 2.15.0 last Friday.

Due to the extraordinarily widespread use of the open-source Apache Log4j library, the saga of the Log4Shell vulnerability is nowhere near finished. The recent discovery of a second Log4j vulnerability has shown that the fix for CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.

The first public case of the Log4j Log4Shell vulnerability being used to download and install ransomware has been discovered by researchers. Yesterday, BitDefender reported that they found the first ransomware family being installed directly via Log4Shell exploits.

SIM swapping attacks have been reported in the media since 2017. With the ENISA Report - Countering SIM-Swapping, the EU Agency for Cybersecurity gives an overview of how SIM swapping attacks work and of the extent to which Member States are affected.

Google has released Chrome 96.0.4664.110 for Windows, Mac, and Linux to address a high-severity zero-day vulnerability exploited in the wild. Although the company says this update may take some time to reach all users, Chrome 96.0.4664.110 has already begun rolling out worldwide in the Stable Desktop channel.

Dell's fix wasn't comprehensive enough to prevent additional exploitation, and, as security researchers now warn, the driver is an excellent candidate for future Bring Your Own Vulnerable Driver attacks: "However, the partially fixed driver can still help attackers."

Researchers have started to fill in the details on the latest Log4Shell attacks, and they reported finding at least 10 specific Linux botnets leading the charge. First, analysts at NetLab 360 detected two waves of Log4Shell attacks on their honeypots, from the Muhstik and Mirai botnets.