Cyber Security Headlines – December 13, 2021

German cybersecurity watchdog issues red alert on Log4j

Germany’s federal cybersecurity watchdog, the BSI, on Saturday issued a red alert warning, its highest, regarding the RCE vulnerability in Apache Log4j, a logging utility used in a variety of Java-based applications. “The reason for this assessment is the very wide distribution of the affected product and the associated impact on countless other products. The vulnerability is also easily exploitable, and a proof-of-concept is publicly available,” the BSI said. Of course, these same words are being echoed by governments, companies, and watchdog organizations worldwide, given the zero-day’s attack surface, which reportedly even reaches to Mars, given that the Mars helicopter uses Log4j. Palo Alto Networks’ Unit 42 group is one of many security organizations strongly recommending an immediate upgrade to the latest version (2.15.0-rc2) of Apache Log4j 2 for all systems. This, of course, will be a developing story for a while.

(Reuters via Yahoo, also The Hacker News and reddit)

Cyber incident reporting mandates suffer another congressional setback

A compromise version of the fiscal 2022 National Defense Authorization Act (NDAA) released Tuesday leaves out language that would set timeframes for when critical infrastructure owners and operators must report major incidents and would require some companies to report making ransomware payments. Supporters of the language ran out of time to reach an agreement on the final phrasing before NDAA sponsors moved ahead on their final compromise bill, a senior Senate aide said. The omission is considered a big setback for backers of the reporting mandates; the reason for the block appeared to be the reluctance of a particular high-ranking participant to agree to a bipartisan bill.

(Cyberscoop)

Russia blocks Tor web over privacy concerns

The block happened Wednesday to Tor and part of its wider network, with the Russian communications regulator accusing it of enabling access to illegal content. Tor, which was founded by U.S. computer scientists, said that without access to its service hundreds of thousands of people would no longer have a safe way to communicate both within Russia and globally. Saying its mission is to advance human rights and freedoms, Tor says it has more than 300,000 users in Russia, or 14% of all daily users, second only to the United States. Russia’s State Duma committee on information and communications, however, describes it as an “absolute evil.”

(Reuters)

Massive attack against 1.6 million WordPress sites underway

Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites. The threat actors target four WordPress plugins and fifteen Epsilon Framework themes, one of which has no available patch. Some of the targeted plugins were patched all the way back in 2018, while others had their vulnerabilities addressed as recently as this week. “In most cases, the attackers are updating the users_can_register option to ‘enabled’ and setting the default_role option to ‘administrator’,” Wordfence explains. This makes it possible for attackers to register on any site as an administrator, effectively taking over the site.

(Bleeping Computer)
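A defender can check a fleet of sites for the option pair Wordfence describes. The following is an added example, not code from Wordfence or the original article: it assumes each site's options were exported as JSON rows with `option_name` and `option_value` fields (the shape of a `wp option list --format=json` export) and that WordPress stores an enabled `users_can_register` as `"1"`; the site names and rows are constructed.

```python
import json

# Constructed sample: per-site option rows shaped like a JSON export of
# wp_options (assumed fields: option_name, option_value).
SAMPLE_EXPORTS = {
    "blog.example": '[{"option_name": "users_can_register", "option_value": "1"},'
                    ' {"option_name": "default_role", "option_value": "administrator"}]',
    "shop.example": '[{"option_name": "users_can_register", "option_value": "0"},'
                    ' {"option_name": "default_role", "option_value": "administrator"}]',
    "docs.example": '[{"option_name": "users_can_register", "option_value": "1"},'
                    ' {"option_name": "default_role", "option_value": "subscriber"}]',
    "wiki.example": '[{"option_name": "users_can_register", "option_value": "0"}]',
}

def load_options(export_json):
    """Turn the exported rows into a {name: value} dict with string values."""
    return {row["option_name"]: str(row["option_value"]).strip()
            for row in json.loads(export_json)}

def classify(options):
    """Return (severity, reason) for one site's registration settings."""
    open_registration = options.get("users_can_register", "0") == "1"
    # WordPress ships with "subscriber" as the default role for new users.
    role = options.get("default_role", "subscriber").lower()
    if role == "administrator" and open_registration:
        return ("critical", "anyone can self-register as administrator")
    if role == "administrator":
        return ("high", "default_role is administrator; registration is closed for now")
    if open_registration and role != "subscriber":
        return ("review", f"open registration grants role '{role}'")
    return ("ok", "no elevated self-registration path")

def audit(exports):
    """Classify every site and return only the ones that need attention."""
    results = {site: classify(load_options(raw)) for site, raw in exports.items()}
    return {site: r for site, r in results.items() if r[0] != "ok"}

if __name__ == "__main__":
    for site, (severity, reason) in sorted(audit(SAMPLE_EXPORTS).items()):
        print(f"{severity.upper():8} {site}: {reason}")
```
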

Amazon explains the cause behind Tuesday’s massive AWS outage

Amazon has published a post-event summary to shed some light on the root cause behind this week’s massive AWS outage that took down a long list of high-profile sites and online services, including Ring, Netflix, Amazon Prime Video, and Roku. The outage, which affected the northeastern part of the United States, was caused by “an automated activity to scale capacity of one of the AWS services hosted in the main AWS network that triggered an unexpected behavior from a large number of clients inside the internal network.” Despite its temporary inconvenience and the attention it draws to AWS being a potential internet chokepoint, this was not an unusual or unique event for AWS; in fact, 16 such events have occurred over the past 10 years.

(Bleeping Computer)

New phishing campaign uses QR codes to target e-banking users

A campaign recently discovered by cybersecurity firm Cofense uses QR codes to deceive customers of two German financial institutions and steal their digital banking information. The phishing messages are carefully crafted, using social engineering tricks to deceive the recipients, such as asking them to consent to data policy changes implemented by the bank or requesting them to review new security procedures. The messages then use QR codes instead of buttons or clickable links, since QR codes make it difficult for email filters to flag the messages as malicious.

(Security Affairs)

Americans lost $148 million to gift card scams this year

According to the US Federal Trade Commission, this amount was lost during the first nine months of 2021, following a significant increase compared to last year. Most gift card scams start with a phone call from someone impersonating a branch of the government, like the Social Security Administration, or a business. The caller might threaten to freeze your bank account and tell you that you must buy gift cards to avoid arrest or to keep access to the money in your bank account. While Google Play, Apple, eBay, and Walmart gift cards have remained popular options for scammers, they have now switched to asking for Target gift cards, which are now their most popular choice.

(Bleeping Computer)

Ransomware attack means cream cheese supply spread thin

The serious shortage of cream cheese that has occurred in recent weeks is not solely due to widespread supply chain disruptions and labor shortages. According to Bloomberg, in this instance, hackers played a role. In mid-October, cheese giant Schreiber Foods (which has a cream cheese unit comparable to industry leader Kraft’s) was forced to close for several days due to a cyberattack. The hack coincided with the annual height of the U.S. cream cheese season—think cheesecakes—on top of demand that was already high due to workers remaining home during the pandemic, Bloomberg wrote. Schreiber has not yet clarified if or how the ransomware issue was resolved. 

(Gizmodo)