In this issue:

• Army of Hackers bolsters the power of North Korea’s Kim Jong Un
• The CISA, FBI,, NSA, and Global Partners issue a security advisory to prevent Apache Log4j vulnerabilities
• During lockdowns, Canadian officials tracked 33 million mobile phones
• Regulators in China suspend Alibaba Cloud for not reporting Log4j vulnerabilities
• AWS’s third outage in a month impacts Slack, Epic Games Store, Asana, and more

Elsewhere Online:

• The government of New Zealand has approved euthanasia for COVID patients
• CISA releases a Log4j scanner to identify vulnerable applications
• Positive Security reveals details of 4 vulnerabilities found in Microsoft Teams Software
• Reviews and comments are disabled for the Chinese President’s book after Amazon is ordered to remove all reviews under 5 stars by authorities
• Cybercriminals found a way to bypass Microsoft Office Patch for a critical vulnerability
• NSO Group burns cash in a desperate bid to survive the phone-hacking scandal

Army of Hackers bolsters the power of North Korea’s Kim Jong Un

According to reports, North Korean Supreme Leader Kim Jong Un has been using hackers to fund nuclear weapons and aid the country’s struggling economy. According to US and UN inspectors, Kim’s government, which has been in power for ten years this month, has already made at least $2.3 billion through illegal cybercrimes, with more money on the way.

AppleJeus, which poses as a cryptocurrency trading platform but steals money from its victims, was responsible for at least $316.4 million of that total. On the list of prohibited cybercrimes were targeting banks worldwide, stealing military secrets, extorting payments using ransomware, and hijacking digital currencies.

Efforts to steal $2 billion from the Society for Worldwide Interbank Financial Telecommunication (Swift) transactional systems are also known as cybercrimes. According to a UN Security Council panel studying North Korea’s defiance of sanctions, the government has allegedly unlawfully acquired military tech that might be utilized for financial advantage.

Cybercrime has given a lifeline to North Korea’s ailing economy, hampered by sanctions. The country has shown little sign of returning to talks that could lead to sanctions being lifted if it abandons its nuclear weapons program.

The CISA, FBI,, NSA, and Global Partners issue a security advisory to prevent Apache Log4j vulnerabilities

Cybersecurity firms from Australia, Canada, New Zealand, the United States, and the United Kingdom have released a joint advisory to the widespread exploitation of several vulnerabilities in Apache’s Log4j software package library by malicious actors.

In the new guidance, the intelligence firms said that these vulnerabilities, particularly Log4Shell, are “severe.” “Cyber risk actors are aggressively monitoring networks for vulnerable methods to exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105. These flaws are likely to be exploited for a lengthy period.”

By sending a specially engineered request to a vulnerable machine and causing it to execute arbitrary code, an attacker could exploit this vulnerability Log4Shell (CVE-2021-44228). A remote attacker could exploit the vulnerability to conduct arbitrary code and cause a denial-of-service issue through it.

According to the FBI’s statement, the attacks have also raised the prospect that threat actors are combining the holes into existing cybercrime schemes seeking to adopt increasing sophistication obfuscation techniques. Organizations are being asked to identify, remediate, and upgrade vulnerable assets as quickly as possible, despite the seriousness of the vulnerabilities and the likelihood of escalating exploitation.

CISA ordered all federal civilian entities to resolve the problem before Christmas and released an open-source log4j-scanner based on scanners developed by other open source community members. The tool is designed to assist enterprises in identifying potentially susceptible web services due to log4j vulnerabilities.

During lockdowns, Canadian officials tracked 33 million mobile phones

During the lockdown, Canada’s Public Health Agency used cell tower locators to “understand the public’s responsiveness during lockdown measures.”

According to agency spokesperson Mark Johnson, this measure helped find possible links between “the movement of populations within Canada and COVID.”

The disclosure of the directive was followed by a contractor’s notice stating that the agency will keep using cell tower tracking to “describe and analyze population-level trends.” Johnson also noted that the contractors must ensure the information is “cleaned and processed.”

Regulators in China suspend Alibaba Cloud for not reporting Log4j vulnerabilities

The Chinese government will suspend its cybersecurity partnership with Alibaba’s cloud for six months after they failed to report software vulnerabilities to the Ministry of Industry and Information Technology (MIIT)

On November 24th, Chen Zhaojun –the security engineer who discovered the Log4j vulnerability– reported the issue to Apache. On December 9th, the MIIT was informed of the case in a report sent by a third party. 

This affair comes after the Cyberspace Administration of China passed new vulnerability disclosure regulations that oblige software providers affected by critical vulnerabilities to disclose them first to government authorities. The Chinese government has fined Alibaba 18.2 billion yuan for violating this law. 

Although extreme, the government states that the measures taken were put in place solely to protect data shared outside of the Asian country.  

AWS’s third outage in a month impacts Slack, Epic Games Store, Asana, and more

Due to a power outage, Amazon Web Services (AWS) has suffered problems that hampered services like Slack, Epic Games Store, among others, for some users. The service health dashboard announced that a power outage in a single data center affected an Availability Zone (USE1-AZ4) within the US-EAST-1 Region. 

The issue was marked as resolved by Amazon at 7:22 PM ET. Nevertheless, not all the affected servers were entirely fixed by the restoration. The final AWS status page announced that by 2:30 PM PST, “some of the affected EC2 instances and EBS volumes were running on hardware that has been affected by the loss of power and is not recoverable.”

At the peak of the outage, Slack reported that its services were “experiencing issues with file uploads, message editing, and other services.” However, the connection issues with the app were later marked as resolved around 3:13 PM ET. Other apps, like Asana and Epic Games Store, appear to be also back online. 

It is not the first time AWS has been affected by power outages. Earlier this month, two outages affected many platforms and products such as Netflix and Disney Plus.

Elsewhere online: 

The government of New Zealand has approved euthanasia for COVID patients
https://catholicherald.co.uk/new-zealand-okays-euthanasia-for-covid-patients/

CISA releases a Log4j scanner to identify vulnerable applications
https://www.bleepingcomputer.com/news/security/cisa-releases-apache-log4j-scanner-to-find-vulnerable-apps/

Positive Security reveals details of 4 vulnerabilities found in Microsoft Teams Software
https://thehackernews.com/2021/12/researchers-disclose-unpatched.html

Reviews and comments are disabled for the Chinese President’s book after Amazon is ordered to remove all reviews under 5 stars by authorities
https://macdailynews.com/2021/12/20/china-ordered-amazon-to-delete-reviews-of-xi-jinpings-book/

Cybercriminals found a way to bypass Microsoft Office Patch for a critical vulnerability
https://www.securityweek.com/microsoft-office-patch-bypassed-malware-distribution-apparent-dry-run

NSO Group burns cash in a desperate bid to survive the phone-hacking scandal
https://www.bloombergquint.com/markets/nso-group-burned-up-most-of-its-cash-to-shift-away-from-pegasus