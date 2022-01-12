ContributorsPublishersAdvertisers
Daily Roundup: Ransomware Gangs Exploit VMware Log4Shell Vulnerability

In case you’ve been stuck in video conference meetings all day, here are today’s top stories from...

CBS Denver

Ransomware Group Claims Successful Hack Of Broomfield Cybersecurity Firm

(CBS4) — The ransomware group Ragnar_Locker spread claims of a successful hack of telecom analytics firm Subex and its Broomfield-based cybersecurity subsidiary, Sectrio, on Saturday. Ragnar_Locker’s leak site on the dark web showed an ‘.onion’ link purportedly containing vital information about the company and its employees. A screenshot obtained by CBS4. (credit: CBS) An unconfirmed online report stated the firewall, router and VPN configuration data, company passwords, and employee documents were published in the link. On its website, the company advertises that it “secures converged networks through better asset visibility, reduced attack surfaces, and early detection of latent threats.” RELATED: Ransomware Attack Impacting Denver Payroll...
BROOMFIELD, CO
Digital Trends

This powerful Dell laptop is down to $250 for a limited time only

If you’re on the hunt for affordable but reliable laptop deals, it’s highly recommended that you go with Dell laptop deals. The brand is one of the most trusted names in the industry because of high-quality products like the Dell Inspiron 15 3000, which is currently available from Dell for just $250 after a $135 discount to its original price of $385.
COMPUTERS
sdxcentral.com

Daily Roundup: Dish Missed Every 5G Commitment in 2021

In case you’ve been stuck in video conference meetings all day, here are today’s top stories from SDxCentral. Also, make sure to subscribe to our daily newsletters to get these stories in your inbox. Dish Missed Every 5G Commitment it Made in 2021. The aspiring greenfield operator moved...
MARKETS
wpguynews.com

Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution

A never-before-seen China-based targeted intrusion adversary dubbed Aquatic Panda has been observed leveraging critical flaws in the Apache Log4j logging library as an access vector to perform various post-exploitation operations, including reconnaissance and credential harvesting on targeted systems. Cybersecurity firm CrowdStrike said the infiltration, which was ultimately foiled, was aimed...
COMPUTERS
sdxcentral.com

Daily Roundup: Top 5 Optical Deals of 2021

In case you’ve been stuck in video conference meetings all day, here are today’s top stories from SDxCentral. Also, make sure to subscribe to our daily newsletters to get these stories in your inbox. Top 5 Optical Deals of 2021. Cisco’s acquisition of Acacia was not only the...
TECHNOLOGY
threatpost.com

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group (APT) to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat...
COMPUTERS
bitcoinist.com

Hacker Exploits Vulnerability To Steal 801,601 MATIC Tokens From Polygon

Polygon network, home to the popular MATIC token, has announced that its platform was exploited by an attacker to steal funds. It is now the latest in a long line of platforms that have announced that they have fallen victim to attacks where the hacker has been able to make off with tokens. The hack on Polygon shows that even some of the most secure and popular networks can end up exploited by hackers.
PUBLIC SAFETY
inforisktoday.com

Vice Society: Ransomware Gang Disrupted Spar Stores

A ransomware operation called Vice Society has claimed credit for attacks that hit two groups of independently owned and operated Spar-branded stores earlier this month. On Dec. 6 via Twitter, Spar reported that for some of its U.K. operations, "there has been an online attack on our IT systems which is affecting stores' ability to process card payments, meaning that a number of Spar stores are currently closed."
PUBLIC SAFETY
mspoweruser.com

Microsoft observed many attackers adding exploits of Log4j vulnerabilities

Last month, several remote code execution (RCE) vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-44832) were reported in Apache Log4j, a widely used open-source component used by many software and services. These vulnerabilities led to widespread exploitation including mass-scanning, coin mining, establishing remote shells, and red-team activity. On December 14th, Apache Log4j 2 team released Log4j 2.16.0 to fix these vulnerabilities. Until the patch is applied, all the existing Apache Log4j running servers will be potential target for hackers.
SOFTWARE
The Independent

Developer sabotages own code to break thousands of apps in protest against world’s biggest companies

An open-source programmer responsible for some of the most popular libraries on the internet has sabotaged their own work, seemingly in protest against “Fortune 500” companies.Marak Squires, a coder from New York, seemingly purposefully corrupted two open-source libraries called “faker.js” and “colors.js”. The former receives 2.8 million weekly downloads from GitHub and supports 2,500 projects, while the latter is downloaded 20 million times per week and supports 19,000 projects.These libraries support a number of open-source projects including Amazon’s Cloud Development Kit.The result of downloading these corrupted libraries causes applications to output three lines of text that read “LIBERTY LIBERTY LIBERTY”...
INTERNET
sdxcentral.com

Daily Roundup: GSMA: MWC Barcelona Must Go On, COVID Be Damned

In case you’ve been stuck in video conference meetings all day, here are today’s top stories from SDxCentral. Also, make sure to subscribe to our daily newsletters to get these stories in your inbox. “GSMA would only consider a change to our plans under the direction of the...
PUBLIC HEALTH
bleepingcomputer.com

Linux version of AvosLocker ransomware targets VMware ESXi servers

AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines. While we couldn't find what targets were attacked using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one victim that got hit with...
COMPUTERS
CSO

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers have warned of a new, critical Java flaw impacting the console of the popular H2 Java SQL database with the same root cause as the Log4Shell vulnerability in Apache Log4j. According to JFrog, the issue carries a critical risk of unauthenticated remote code execution (RCE) for certain organizations who should update their H2 databases immediately.
SOFTWARE
bleepingcomputer.com

Night Sky ransomware uses Log4j bug to hack VMware Horizon servers

The Night Sky ransomware gang has started to exploit the critical CVE-2021-44228 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems. The threat actor is targeting vulnerable machines exposed on the public web from domains that impersonate legitimate companies, some of them...
COMPUTERS
sdxcentral.com

VMware Tanzu Targets Skills Gap, Shifts Security Left

In a world where more than 5.6 million developers use Kubernetes, vendors are deepening their focus on simplifying the complexity of the Kubernetes ecosystem and shifting security further left in the application development process. VMware Tanzu Application Platform secures VMware’s seat on that bandwagon. Although the technological merits of...
SOFTWARE
WFXR

Ways to protect your computer while you work at home

GREENVILLE, N.C. (WNCT) – As we continue to transition into another year dealing with COVID-19, some are still working from home. One topic people seem to be talking about more is computer software and data protection, during Home Office and Security Week, which is the second week of January. One local IT management company says […]
COMPUTERS
Beta News

Open source tool helps in the fight against log4j vulnerability exploits

Since the Log4Shell attack targeting a log4j vulnerability was first uncovered towards the end of last year it's posed a threat to web servers worldwide. It's a tricky problem to address because doing so means updating software dependencies. Meanwhile attackers are seeking to inject text into log messages or log message parameters, then into server logs which can then load code from a remote server for malicious use, using obfuscation techniques to hide from security software.
COMPUTERS

