Cyber Security Headlines – December 20, 2021

Log4J – New patch and a field day for ransomware

Fallout from the Log4j zero-day continues to appear by the hour. Since its discovery last week, security experts have been recommending version 2.16 as the safest release to be on, but as of yesterday that has changed: version 2.17.0 is out and fixes a seemingly minor but ‘High’ severity denial-of-service (DoS) vulnerability that affects version 2.16. Researchers from the KnownSec 404 Team and the Sangfor Threat Intelligence Team reported that the TellYouThePass ransomware has resurged and is exploiting the flaw to target both Linux and Windows systems. The Conti ransomware operation is using the exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines. CISA Director Jen Easterly told industry leaders in a phone briefing last Monday that the vulnerability “is one of the most serious I’ve seen in my entire career, if not the most serious,” predicting that hundreds of millions of devices are likely to be affected.

(Bleeping Computer, Security Affairs, Cyberscoop)
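The practical follow-up to the paragraph above is an inventory: which archives on a host still bundle a log4j-core older than 2.17.0, including copies buried inside WAR and EAR files that a filename search would miss. The script below is an added example, not code from the article or from the Log4j project. It reads the Maven pom.properties that log4j-core jars carry, compares the version against 2.17.0 (the release the article names; older maintenance branches of Log4j are not handled, which is an assumption of this checker), and scans a small directory tree that it constructs itself so it runs offline.

```python
"""Inventory log4j-core versions on disk, descending into nested JAR/WAR/EAR archives."""
import io
import re
import tempfile
import zipfile
from pathlib import Path

# Release the article names as the one to be on. Assumption: we only handle the
# main 2.x line; older maintenance branches are out of scope for this checker.
TARGET = (2, 17, 0)

# Maven-built log4j-core jars carry their version in this properties file.
POM_PATH = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


def parse_version(pom_text):
    """Pull 'version=2.16.0' out of pom.properties as a comparable tuple, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)", pom_text, re.MULTILINE)
    return tuple(int(x) for x in m.groups()) if m else None


def log4j_core_version(archive_bytes):
    """Return the log4j-core version found in an archive, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(archive_bytes))
    except zipfile.BadZipFile:
        return None
    with zf:
        for name in zf.namelist():
            if name == POM_PATH:
                v = parse_version(zf.read(name).decode("utf-8", "replace"))
                if v:
                    return v
            elif name.endswith(ARCHIVE_SUFFIXES):  # e.g. WEB-INF/lib/log4j-core-*.jar
                v = log4j_core_version(zf.read(name))
                if v:
                    return v
    return None


def scan(root):
    """Walk a tree; return (path, version, needs_update) for each archive bundling log4j-core."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix in ARCHIVE_SUFFIXES:
            v = log4j_core_version(p.read_bytes())
            if v:
                findings.append((str(p), v, v < TARGET))
    return findings


def make_log4j_jar(version):
    """Constructed stand-in for a log4j-core jar: only the Maven metadata matters here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PATH, f"#Generated by Maven\nversion={version}\n"
                              "groupId=org.apache.logging.log4j\nartifactId=log4j-core\n")
        zf.writestr("org/apache/logging/log4j/core/Dummy.class", b"")
    return buf.getvalue()


def build_sample_tree(root):
    """Constructed sample input: two loose jars, an unrelated jar, and a WAR nesting an old copy."""
    root = Path(root)
    (root / "lib").mkdir(parents=True, exist_ok=True)
    (root / "lib" / "log4j-core-2.17.0.jar").write_bytes(make_log4j_jar("2.17.0"))
    (root / "lib" / "log4j-core-2.16.0.jar").write_bytes(make_log4j_jar("2.16.0"))
    other = io.BytesIO()
    with zipfile.ZipFile(other, "w") as zf:
        zf.writestr("com/example/App.class", b"")
    (root / "lib" / "other.jar").write_bytes(other.getvalue())
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", make_log4j_jar("2.14.1"))
    (root / "app.war").write_bytes(war.getvalue())


def run_demo():
    """Scan the constructed tree; return {archive name: (version, needs_update)}."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        return {Path(p).name: (v, bad) for p, v, bad in scan(d)}


if __name__ == "__main__":
    for name, (v, bad) in run_demo().items():
        ver = ".".join(map(str, v))
        print(f"{name}: log4j-core {ver} -> {'UPDATE to 2.17.0' if bad else 'ok'}")
```

Point `scan()` at an application directory instead of the constructed tree to use it for real; the nested-archive recursion is what catches the WAR case, which is where most of the long tail of vulnerable copies lives.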

Western Digital warns customers to update their My Cloud devices

Western Digital is urging customers to update their WD My Cloud devices to the latest available firmware, as the older My Cloud OS firmware is reaching end of support and will stop receiving security updates. They state that customers whose devices aren’t compatible with My Cloud OS 5 will lose remote access and will only be able to reach their devices locally; devices left on these older firmware versions will not receive security fixes or technical support. Western Digital made headlines earlier this year when a mass wiping of its My Book Live storage devices involved the exploitation of not just one vulnerability but also a second, critical security bug that allowed attackers to remotely perform a factory reset without a password.

(Bleeping Computer)

Sainsbury’s payroll hit by Kronos attack

Following up on another major story of last week, the British supermarket chain Sainsbury’s says it lost a week’s worth of data for its 150,000 UK employees as a result of a cyberattack on payroll system provider Kronos. Sainsbury’s relies on Kronos to log, store and process the hours employees have worked, but it said staff would still be paid before Christmas. US supermarket chain Whole Foods and carmaker Honda North America also use Kronos and were among those affected, NBC News reported.

(BBC News)

Thanks to our episode sponsor, Lookout

Is 2022 the beginning of the end for on-prem security? Two years after remote work became the norm, we’re at an inflection point for both threats and security solutions. Just as you wouldn’t bring a sword to a gunfight, organizations need to take advantage of integrated cloud solutions to tackle emerging challenges. Check out Lookout’s 2022 predictions at lookout.com/predictions.

Google says NSO Pegasus zero-click ‘most technically sophisticated exploit ever seen’

Security researchers at Google’s Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations. The Google team assesses the so-called FORCEDENTRY iMessage zero-click exploit used to plant NSO Group’s Pegasus surveillance tool on iPhones to be “one of the most technically sophisticated exploits we’ve ever seen.” The researchers said the sophistication of the exploit is confirmation that hackers at the Israel-based NSO Group have technical expertise and resources to rival those previously thought to be accessible to only a handful of nation states.

(SecurityWeek)

Google will fire employees who refuse vaccinations, report says

An internal memo, obtained by CNBC, told staff that they must upload documents proving vaccination status. Google has been pushing for an eventual return to the office – which has been repeatedly delayed – and expects those attending buildings to be vaccinated. The US Occupational Safety and Health Administration has told all employers with 100 or more staff that they must make sure each of their workers is either vaccinated or tested for Covid-19 once a week – a move that Google has indicated would cover almost all roles at the company.

(BBC News)

Facebook takes down accounts for seven “cyber-mercenary” firms

Meta (formerly Facebook) said these companies targeted users with links to phishing sites in order to collect login credentials and infect them with malware. The seven companies, which have been active for years, sold their services “indiscriminately to any customer,” Meta said in a press release Wednesday. While the companies advertised their services as meant for law enforcement, Meta said that many of the victims they targeted were in reality journalists, dissidents, critics of authoritarian regimes, and the families of opposition and human rights activists. In total, Meta said the seven companies used more than 1,500 fake accounts to target more than 50,000 users across 100 countries on behalf of their customers.

(The Record)

Anti-5G necklaces are radioactive and dangerous

People who wear “anti-5G” pendants to “protect” themselves from radio frequencies emitted by phone masts have been told by the Dutch nuclear authority that their necklaces are dangerously radioactive. Owners of “quantum pendants” and other “negative ion” jewelry have been advised to store them away, as they have been found to continuously emit ionizing radiation. The World Health Organization has said that 5G is safe and that there is nothing fundamentally different about the physical characteristics of the radio signals produced by 5G compared with those produced by 3G and 4G. Despite this, an industry selling jewelry that supposedly shields the wearer, including one product that claims to “utilize pure minerals and volcanic ash that are extracted from the Earth,” has burgeoned.

(The Guardian)