1 min read

Articles of interest from the week of December 13, 2021

John Frasier : Dec 13, 2021 12:00:00 AM

Network Security News Weekly

Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released

The Apache Software Foundation (ASF) has pushed out a new fix for the Log4j logging utility after the previous patch for the recently disclosed Log4Shell exploit was deemed as "incomplete in certain non-default configurations. (By Ravie Lakshmanan, The Hacker News)


Attackers Target Log4J to Drop Ransomware, Web Shells, Backdoors

Threat actors, including at least one nation-state actor, are attempting to exploit the newly disclosed Log4j flaw to deploy ransomware, remote access Trojans, and Web shells on vulnerable systems. All the while, organizations continue to download versions of the logging tool containing the vulnerability. (By Jai Vijayan, Dark Reading


Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that's being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. (By Ravie Lakshmanan, The Hacker News)


Why Cloud Storage Isn't Immune to Ransomware

Ransomware is the flavor of the month for cybercriminals. The FBI reports that ransomware attacks rose 20% and losses almost tripled in 2020. And our increased use of the cloud may have played a part in that spike. A survey of CISOs conducted by IDC earlier this year found that 98% of their companies suffered at least one cloud data breach in the previous 18 months as opposed to 79% last year, and numbers got worse the more exposure they had to the cloud. (By Shai Morag, Dark Reading


New Microsoft Exchange Credential-Stealing Malware Could Be Worse Than Phishing

Kaspersky has discovered a malicious add-on for Microsoft's Internet Information Service (IIS) webserver software that it said is designed to harvest credentials from Outlook Web Access (OWA), the webmail client for Exchange and Office 365. (By Brandon Vigliarolo, TechRepublic
Sign Up For Network Security News

Articles of interest from the week of December 27, 2021

Dec 27, 2021 12:00:00 AM

Top 7 Common Cybersecurity Myths — Busted Even with the growing awareness about cybersecurity, many myths about it are prevalent. These...

Read More

Articles of interest from the week of January 10, 2022

Jan 10, 2022 12:00:00 AM

FTC to Go After Companies that Ignore Log4j Companies that fail to protect consumer data from Log4J attacks are at risk of facing Equifax-esque legal...

Read More

Articles of interest from the week of June 27, 2022

Jun 27, 2022 12:00:00 AM

Clever Phishing Method Bypasses MFA Using Microsoft WebView2 Apps A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal...

Read More