
#AxisOfEasy 225: Threat Actors Exploit The Second Log4j Vulnerability As A Third Flaw Is Discovered

by on December 21, 2021

Weekly Axis Of Easy #225


Last Week’s Quote was “A man convinced against his will, is of the same opinion still” is attributed to Dale Carnegie, although he wrote it as a quote without giving credit.  Great guess Olivier!  You’re this week’s winner.

Update: We did have a winner for #223 which was the week before last.  Andrew got it right with Voltaire. 

This Week’s Quote: “The intelligent man finds almost everything ridiculous, the sensible man hardly anything.”

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


 
In this issue:
  • 63,000 websites suffer outages as users report issues with AWS
  • Apple sues NSO Group, putting the organization in financial trouble
  • Threat actors exploit the second Log4j vulnerability as a third flaw is discovered
  • “Global Cyber Power” is the goal of the United Kingdom’s new cyber strategy
  • New York man admits to stealing $20 million in a SIM swap wire fraud
Elsewhere online:
  • A new ‘PseudoManuscrypt’ spyware targets thousands
  • Wireless and Bluetooth chips are vulnerable to coexistence attacks
  • Cyber incident reporting not included in $768 billion defense bill 
  • Windows registry is used by new fileless malware

63,000 websites suffer outages as users report issues with AWS

According to preliminary figures from Pingdom AB, a Swedish internet monitoring business, over 63,000 websites globally were having trouble while Amazon Web Services struggled. According to Downdetector, AWS disruptions were observed in the Eastern part of the United States, and the AWS Internet Connectivity (Oregon) service appeared to be down.

On Wednesday, December 15th, Pingdom reported that 63,671 websites were down. According to Reuters, Amazon said the outage was likely caused by issues with an application programming interface (API), a collection of protocols for creating and integrating software applications.
Other websites and apps impacted included the Internet Movie Database (IMDb), language learning company Duolingo, and matchmaking site Tinder.

The outage also disrupted pre-sale tickets for Adele’s upcoming Las Vegas shows. “All Adele Verified Fan Presales scheduled for today have been rescheduled for tomorrow owing to an Amazon Web Services (AWS) outage affecting companies worldwide,” said the statement posted by Ticketmaster on Twitter.

These recurring disruptions should be a cause for alarm for the tech giant. A single disruption in AWS takes several thousand websites offline with it, and it won’t be long before Amazon loses its credibility as a reliable web service provider.

Read: https://www.zerohedge.com/markets/63000-websites-hit-outages-users-report-amazon-web-service-issues


Apple sues NSO Group, putting the organization in financial trouble

Apple has filed a lawsuit against NSO Group and its parent company to hold them liable for surveilling and targeting Apple customers. The case also gives us insight into how NSO Group’s Pegasus malware infected victims’ devices. Apple is also seeking a protective order prohibiting NSO Group from using any Apple software, products, or devices, to prevent further abuse and harm to its users.

Since an Amnesty International exposé, the firm has come under increased scrutiny. Consequently, the US government banned importing and selling this spyware after designating the firm a national security threat.
Apple sued over Pegasus’s violation of iPhone customers’ privacy and began scanning iPhones for signs of Pegasus compromise, notifying owners that their devices had been compromised.

Following sanctions by the US government and Apple’s lawsuit, Pegasus spyware producer NSO Group is cash-strapped. As a result, the corporation is looking into the possibility of selling itself. According to the most recent report, the business is even considering shutting down the entire operation due to pressure from US internet titans.
Two US businesses are attempting to purchase NSO and change Pegasus’s mission so that the software can be used to safeguard smartphones rather than hack them.

Read: https://9to5mac.com/2021/12/15/pegasus-spyware-maker-nso-running-out-of-cash/


Threat actors exploit the second Log4j vulnerability as a third flaw is discovered

According to Cloudflare, threat actors are actively exploiting the second vulnerability found in Log4j. Users should install the latest version of the logging library as soon as possible, since malware continues to attack unpatched systems.

“This vulnerability is being actively abused,” says Cloudflare’s Andre Bluehs. “Anyone using Log4J should upgrade to version 2.16.0 as quickly as possible, even if they earlier updated to 2.15.0.” 

The new vulnerabilities have been assigned identifiers. In CVE-2021-45046, attackers can launch denial-of-service (DoS) attacks because the initial remedy from the Apache Software Foundation (ASF) for the remote code execution vulnerability (CVE-2021-44228, also known as Log4Shell) was incomplete in certain “non-default” configurations.

Initial access brokers used the Log4Shell vulnerability to gain a foothold in target networks, which was then sold on to ransomware affiliates, according to the Microsoft Threat Intelligence Center (MSTIC). Additionally, scores of malware families have been uncovered that exploit this flaw, ranging from cryptocurrency coin miners and remote access trojans to bots and web shells.

Although most threat actors rush to exploit newly discovered vulnerabilities before they are patched, the Log4j flaw highlights the risks in the software supply chain when a crucial piece of software is embedded in multiple vendors’ products and deployed by their customers across the world.
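A defender-side check that follows from the upgrade advice above, added here as an example that is not from the article or from Cloudflare: it walks a directory tree, reads the log4j-core version from the Maven pom.properties inside each jar (so shaded or fat jars are covered) or, failing that, from the filename, and flags anything below 2.16.0. The threshold constant, the sample jars and the paths are constructed assumptions; the 2.16.0 value is the one quoted in the article on its publication date.

```python
"""Find log4j-core jars below the advised version (constructed example)."""
import re
import tempfile
import zipfile
from pathlib import Path

FIXED_VERSION = (2, 16, 0)  # version the article says to upgrade to
_POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
_NAME_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)(?:[-.].*)?\.jar$")


def parse_version(text):
    """Turn '2.15.0' into (2, 15, 0) so versions compare numerically."""
    return tuple(int(p) for p in text.split("."))


def needs_upgrade(version):
    """True when the version is older than FIXED_VERSION (short tuples padded)."""
    v = tuple(version) + (0,) * (3 - len(version))
    return v < FIXED_VERSION


def version_from_jar(path):
    """Version embedded in a jar: Maven pom.properties first, then filename."""
    try:
        with zipfile.ZipFile(path) as zf:
            if _POM in zf.namelist():
                for line in zf.read(_POM).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        return parse_version(line.split("=", 1)[1].strip())
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable or missing: fall back to the filename
    m = _NAME_RE.search(Path(path).name)
    return parse_version(m.group(1)) if m else None


def scan(root):
    """Return [(path, version)] for every jar under root that needs the upgrade."""
    findings = []
    for jar in Path(root).rglob("*.jar"):
        v = version_from_jar(jar)
        if v is not None and needs_upgrade(v):
            findings.append((str(jar), ".".join(map(str, v))))
    return findings


def make_sample_jar(path, version):
    """Write a constructed jar whose only content is a log4j-core pom.properties."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(_POM, f"version={version}\n")


def demo():
    """Scan two constructed jars: a shaded 2.15.0 jar and a clean 2.16.0 one."""
    with tempfile.TemporaryDirectory() as d:
        make_sample_jar(Path(d) / "lib" / "app-shaded.jar", "2.15.0")
        make_sample_jar(Path(d) / "lib" / "log4j-core-2.16.0.jar", "2.16.0")
        return [(Path(p).name, v) for p, v in scan(d)]
```

Point `scan()` at an application's install or `lib` directory; a shaded jar named after the application is reported only because the pom.properties is read, which a filename-only check would miss.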

Read: https://thehackernews.com/2021/12/hackers-begin-exploiting-second-log4j.html?&web_view=true


“Global Cyber Power” is the goal of the United Kingdom’s new cyber strategy

In response to escalating threats from organized criminals and nation-state entities, the UK government has released a new national cyber strategy to bolster the country’s defensive and offensive capabilities.

The government wants the strategy’s broad scope to cement the UK’s “place as a global cyber power.”

The plans to strengthen the country’s cyber security defenses include the newly unveiled Product Security and Telecommunications Infrastructure (PSTI) bill, which imposes minimum security requirements on innovative device manufacturers, and more significant funding for public sector cyber security.

In addition, there is a significant emphasis on developing offensive measures to better prepare the military and police to combat cyber-threat actors. The UK’s recently formed National Cyber Force and law enforcement will receive more money to help disrupt and prosecute cybercrime gangs.

Growing the UK’s skilled cyber workforce is another significant feature of the policy, which calls for “all segments of society to perform their role in strengthening the UK’s economic and strategic capabilities in cyberspace.”

According to the government, these initiatives will build on the significant expansion of the UK’s cyber industry in recent years, with over 1,400 enterprises producing £8.9 billion in revenue the year before. The measures are also aimed at ‘leveling up’ the cyber sector across the UK.

Read: https://www.infosecurity-magazine.com/news/uk-cyber-strategy-global-cyber/?&web_view=true


New York man admits to stealing $20 million in a SIM swap wire fraud

A 24-year-old New York man has pleaded guilty to conspiracy to commit wire fraud after admitting to conspiring to steal more than $20 million in cryptocurrencies from a technology magnate. Nicholas Truglia was a member of a group accused of stealing more than $100 million from cryptocurrency holders using fraudulent “SIM swaps,” in which identity thieves take over a victim’s cellphone number and use it to gain control of their online accounts.
Truglia admitted in federal court in New York that in 2018 he allowed a friend to use his Binance account to move more than $20 million in digital currencies stolen from Michael Terpin, a cryptocurrency enthusiast who co-founded the first bitcoin angel investment organization.

Terpin sued Truglia in Los Angeles Superior Court after the theft and was awarded a $75.8 million judgment against him by a jury in May 2019. A New York grand jury indicted Truglia in January 2020 for his role in the crypto theft from Terpin.

Terpin, when contacted for comment, said his perpetrator got off easy.
Terpin is also pursuing a civil case against Ellis Pinsky, an 18-year-old accused of cooperating with Truglia as part of a SIM swapping ring that has stolen more than $100 million in cryptocurrencies.

By setting a PIN, customers can protect themselves from SIM swaps and related techniques at all major wireless providers. Before account changes can be made, the PIN must be entered, whether over the phone or in person at a store. Inept or unscrupulous mobile store staff, on the other hand, can circumvent these security mechanisms.

Read: https://krebsonsecurity.com/2021/12/ny-man-pleads-guilty-in-20-million-sim-swap-theft/


Elsewhere online: 

A new ‘PseudoManuscrypt’ spyware targets thousands of industrial systems
Read: https://www.securityweek.com/thousands-industrial-systems-targeted-new-pseudomanuscrypt-spyware

Wireless and Bluetooth chips are vulnerable to coexistence attacks, according to researchers
Read: https://thehackernews.com/2021/12/researchers-uncover-new-coexistence.html

Cyber incident reporting not included in $768 billion defense bill passed by US Senate
Read: https://www.zdnet.com/article/us-senate-passes-defense-bill-without-cyber-incident-reporting-provisions/?&web_view=true

Windows registry is used by new fileless malware to evade detection
Read: https://thehackernews.com/2021/12/new-fileless-malware-uses-windows.html?&web_view=true

3 responses to “#AxisOfEasy 225: Threat Actors Exploit The Second Log4j Vulnerability As A Third Flaw Is Discovered”

  1. James R says:

    This week’s AxisOfEasy quote (“The intelligent man finds almost everything ridiculous, the sensible man hardly anything”) sounds like something either Voltaire or George Bernard Shaw would say.

  2. Timothy Condon says:

    H.L. Mencken. It’s just gotta be.

  3. T Peace says:

    I learned it first in German class: “Der intelligente Mann findet fast alles lächerlich, der vernünftige Mann kaum etwas.” – Goethe
