Cyber Security Headlines – December 17, 2021

Hackers begin exploiting second Log4j vulnerability as a third flaw emerges

Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to pummel unpatched systems with a variety of malware. The new vulnerability, assigned the identifier CVE-2021-45046, makes it possible for adversaries to carry out denial-of-service (DoS) attacks and follows disclosure from the Apache Software Foundation (ASF) that the original fix for the remote code execution bug — CVE-2021-44228 aka Log4Shell — was “incomplete in certain non-default configurations.” The issue has since been addressed in Log4j version 2.16.0. “This vulnerability is actively being exploited and anyone using Log4j should update to version 2.16.0 as soon as possible, even if you have previously updated to 2.15.0,” Cloudflare’s Andre Bluehs and Gabriel Gabor said.

(The Hacker News)

Researchers uncover new coexistence attacks on Wi-Fi and Bluetooth chips

Cybersecurity researchers have demonstrated a new attack technique that makes it possible to leverage a device’s Bluetooth component to directly extract network passwords and manipulate traffic on a Wi-Fi chip. The novel attacks work against the so-called “combo chips,” which are specialized chips that are equipped to handle different types of radio wave-based wireless communications, such as Wi-Fi, Bluetooth, and LTE. Coexistence refers to a mechanism wherein Bluetooth, Wi-Fi, and LTE share the same components and resources — e.g., antenna or wireless spectrum — necessitating that these communication standards coordinate the spectrum access to avoid collisions when operating in the same frequency. Chipset vendors use this principle to allow Wi-Fi and Bluetooth to operate virtually concurrently.

(The Hacker News)

North American propane distributor ‘Superior Plus’ discloses ransomware attack

The company says it discovered the breach on Sunday, December 12, and that, as a response, it took steps to mitigate impact on corporate data and operations. Chris Clements, VP of Solutions Architecture, Cerberus Sentinel, points out that the attack was only detected after the ransomware was deployed, but that it’s unclear for how long the attackers actually had access to Superior Plus’ systems before that. “Normal attacker dwell time typically extends weeks or months before they trigger ransomware. During this time, the attackers pivot throughout the victim’s network and attempt to escalate their access level to gain complete control of all systems and data. Mass scale data exfiltration has also become the norm in these events that can trigger a secondary extortion demand from the attackers,” Clements says.

(SecurityWeek)

Flaws in Lenovo laptops allow “escalating to admin” privileges

Lenovo laptops, including ThinkPad and Yoga families, are affected by a privilege elevation issue that resides in the ImControllerService service of all Lenovo System Interface Foundation versions below 1.1.20.3. allowing attackers to execute commands with admin privileges. According to NCC Group, the ImController service comes installed on certain Lenovo devices, it runs as the SYSTEM user and periodically executes child processes that perform system configuration and maintenance tasks. An attacker can exploit the vulnerabilities to elevate its privileges to SYSTEM and take over the vulnerable device.

(Security Affairs)

Thanks to our episode sponsor, Tines

Tines is no-code automation for security teams, trusted by the world’s best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we’ll donate $100 to your favorite charity – we’re that certain you’ll love what you see. Head over to tines.com/charity to book your 10 minute demo and send $100 to your favorite cause.

U.S. airlines warn 5G wireless could wreak havoc with flights

Plans by wireless carriers to use spectrum for 5G wireless services starting Jan. 5 could disrupt thousands of daily flights and cost air passengers $1.6 billion annually in delays, according to United Airlines and other US carriers. Last week, the FAA issued new airworthiness directives warning that interference from 5G wireless spectrum could result in flight diversions, but did not quantify the impact. But according to United’s CEO Scott Kirby, “Coming Jan. 5 — unless something changes — we will not be able to use radio altimeters at 40-something of the largest airports in the country, meaning that at major U.S. airports in the event of bad weather, cloud cover or even heavy smog “you could only do visual approaches essentially.”

(Reuters)

Gumtree classifieds site leaked personal info via the F12 key

British classifieds site Gumtree.com suffered a data leak after a security researcher revealed that he could access sensitive personally identifiable data of advertisers simply by pressing F12 on the keyboard. When pressing the F12 key in a web browser, the application will open the developer tools console, which allows you to view a website’s source code, monitor network requests, and view error messages produced by the website. Pen Test Partners security researcher Alan Monie discovered that he could see the PII of sellers simply by viewing the HTML source code of the advertising shown on Gumtree’s website. Every advert on the site included the seller’s postcode or GPS coordinates – even if the seller requested the map of their location to be hidden. 

(Bleeping Computer)

Fear fatigue exploits cybersecurity of remote employees

The latest report from Malwarebytes revealed that 61% acknowledge that employees experience fear fatigue, with 27% feeling particularly overwhelmed by fear. Malwarebytes stated that nearly 80% of survey respondents reported some level of fear fatigue within their organization. Fear fatigue is defined as the demotivation to follow recommended protective behaviors, emerging gradually over time and affected by a number of emotions, experiences, and perceptions. Fear fatigue can often lead to employees’ negligent behavior, such as opening an email attachment without properly scrutinizing the sender or neglecting to turn on a VPN while using public Wi-Fi.

(CISO Magazine)

Windows 11 officially shuts down Firefox default browser workaround

Microsoft recently said it would block all default browser workarounds in Windows, and now it has done it in the latest Windows update. According to Dave Leclair of How-To-Geek, Microsoft slipped the update into the final patch Tuesday of 2021 for both Windows 10 and Windows 11. This means that “microsoft-edge:// links” can no longer be forced to open in your default browser of choice. Apps like EdgeDeflector and Mozilla’s workaround made it so these links could be intercepted, but that’s no longer possible with this latest Windows update.

(HowToGeek)