Log4shell exploits hit Belgium’s Defense Ministry. Cell handover exploit demo. Coin-miners evade Chinese law. Holiday advice.

Dateline the Internet: the Log4j vulnerabilities.

Hackers Exploit Log4j Flaw at Belgian Defense Ministry (Wall Street Journal) The ministry shut down parts of its computer network in response.

Belgian defence ministry pwned by Log4j vuln exploitation (Register) Perpetrators’ ID unknown, however

Belgian defence ministry suffers cyber attack through Log4j exploitation (Computing) Multiple threat groups are currently leveraging Log4j bugs in their operations

Belgian Defense Ministry confirms cyberattack through Log4j exploitation (ZDNet) The Defense Ministry said it first discovered the attack on Thursday.

Belgian defense ministry hit by cyberattack (POLITICO) State-backed hacking groups including those with ties to China, Iran, North Korea and Turkey have been using a vulnerability in Log4j software.

Belgian defense ministry hacked by attackers exploiting Apache vulnerability (TheHill) Belgium’s Ministry of Defense was recently hacked by attackers exploiting the massive vulnerability in Apache logging library log4j that has become a worldwide security concern, according to multiple reports. 

Belgian Defence ministry network partially down following cyber attack (Brussels Times) Part of the Belgian Ministry of Defence’s network was down for several days as a result of a “serious” cyber attack after a security hole was discovered in the software.

Was the hack of Belgium’s Defence Ministry foreseeable… and avoidable? (L’Avenir) Repeated warnings did not prevent the Ministry of Defence from falling victim to a resounding cyberattack.

Log4j: Belgian Defense Ministry Reports it Was ‘Paralyzed’ (BankInfoSecurity) Ministry of Defense Says Attack Relates to Widespread Apache Flaw

Feds Look into Log4j Vulnerability After Hawaii Cyber Attack (GovTech) Multiple federal entities are scouring the country for governments that have fallen prey to the global Log4j software vulnerability, which is considered the worst weak point in recent years by security experts.

Conti Ransomware Gang Has Full Log4Shell Attack Chain (Threatpost) Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain.

The Log4j saga: New vulnerabilities and attack vectors discovered (Help Net Security) The Apache Log4j saga continues, as several new Log4Shell attack vectors have been discovered by researchers worldwide.

What’s all the fuss with Log4j2? (Computerworld) As companies scramble to determine whether they’re vulnerable to the Log4j2 flaw, SMBs may not have the resources to do so themselves. Here’s what you can do.

Cisco : Defending Against Log4j Exploits with Cisco Secure Endpoint (MarketScreener) The Apache Log4j vulnerability is on the mind of nearly every cybersecurity and IT team right now because of its widespread usage, ease of exploitation, and broad attack surface. This… | December 21, 2021

Attacks, Threats, and Vulnerabilities

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G (The Hacker News) Researchers discover several new mobile interception vulnerabilities affecting 2G, 3G, 4G and 5G mobile networks.

Don’t hand it Over: Vulnerabilities in the Handover Procedure of Cellular Telecommunications (ACSAC) Mobility management in the cellular networks plays a significant role in preserving mobile services with minimal latency while a user is moving.

FBI: State hackers exploiting new Zoho zero-day since October (BleepingComputer) The Federal Bureau of Investigation (FBI) says a zero-day vulnerability in Zoho’s ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups (also known as APTs or advanced persistent threats) since at least October.

APT Actors Exploiting Newly-Identified Zero Day in ManageEngine Desktop Central (FBI) Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers. The APT actors were observed compromising Desktop Central servers, dropping a webshell that overrides a legitimate function of Desktop Central, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting lateral movement and dumping credentials.

Chinese spies accused of using Huawei in secret Australia telecom hack (The Japan Times) An investigation has found a key piece of evidence underpinning U.S. warnings that Huawei products pose a national security risk for any countries that use them.

Cybersecurity company identifies months-long attack on US federal commission (ZDNet) Both CISA and USCIRF refused to engage with the company after being notified repeatedly of the attack.

Nation-State Attackers Targeted Airline With New Backdoor (Decipher) The Iran-linked threat group targeted an Asian airline in what researchers believe is an espionage cyberattack.

Inside China’s underground crypto mining operation, where people are risking it all to make bitcoin (CNBC) Miners explain how China’s underground crypto mining operation works.

Ready-made fraud (Group-IB) Behind the scenes of targeted scams

Simulated Phishing Study Reveals Who Falls for Them Most Often (Digital Information World) One of the most pertinent findings from this study was that there was no correlation between gender and the likelihood of falling for an attack.

Phishing in Organizations: Findings from a Large-Scale and Long-Term Study (arXiv) In this paper, we present findings from a large-scale and long-term phishing experiment that we conducted in collaboration with a partner company. Our experiment ran for 15 months during which time more than 14,000 study participants (employees of the company) received different simulated phishing emails in their normal working context. We also deployed a reporting button to the company’s email client which allowed the participants to report suspicious emails they received. We measured click rates for phishing emails, dangerous actions such as submitting credentials, and reported suspicious emails

Surveillance-for-hire: Are you a target of the booming spy business? (TechRepublic) Meta has exposed and acted against entities that have been spying on people and organizations around the globe. Find out how the threat actors operate and learn what you can do to protect yourself.

Study finds “serious security risks” in K-12 school apps (The Record by Recorded Future) Many apps used by schools contain features that can lead to the “unregulated and out of control” sharing of student data to advertising companies and other security issues, according to a report published Monday by the nonprofit Me2B Alliance.

Spotlight Report #4: Me2B Alliance Product Testing Report (Me2B Alliance) Deeper Look at K-12 School Utility Apps Uncovers Global Advertising Company From CBS/Viacom, Unexpected Security Risks

Web app attacks could be a serious security worry for your business this Christmas (TechRadar) Don’t have a “crappy appy” Christmas this year, Imperva warns

Ransomware Operators Leak Data Stolen From Logistics Giant Hellmann (SecurityWeek) Logistics giant Hellmann Worldwide Logistics has confirmed that attackers were able to exfiltrate data from its systems during a cyberattack earlier this month.

Just Dance data breach confirmed by Ubisoft (Stevivor) A Just Dance data breach has today been confirmed by Ubisoft. The publisher has sent an email to those affected, saying that, “the data in question is limited to ‘technical identifiers’, which include your GamerTag, Profile ID and Device ID, as well as Just Dance videos that you recorded and uploaded to be shared publicly with the […]

Ubisoft discloses security breach impacting Just Dance gamer data (The Record by Recorded Future) French video game maker Ubisoft said today that a misconfiguration in its IT infrastructure exposed gamer data for players of its Just Dance video game series.

UK police data breach: What did Cl0p do with the data? (Tech Monitor) A supply chain attack led to personal information being stolen in a major UK police data breach. But where has the data gone?

Police National Computer not pwned by Clop ransomware crims (Register) Scottish MSP Dacoll was hit, however

NSS allegedly hit by data breach as 700,000 people’s documents leak online (GhanaWeb) Data of persons across Ghana allegedly exposed, web security firm

Saskatoon Airport Authority computer system breached in ‘sophisticated’ cyber attack (Saskatoon) The Saskatoon Airport Authority’s (SAA) computer system was breached in a “targeted” and “sophisticated” cyber attack.

Hypebeasts With Bots Have Ruined Christmas (Wired) As resellers snap up the scarce supply of new consoles and other must-have items, politicians, shoppers, and retailers are fighting back.

Vulnerability Summary for the Week of December 13, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

VMware Patches Vulnerabilities in Workspace ONE Access (SecurityWeek) Patches released by VMware to address a couple of vulnerabilities in the Workspace ONE Access authentication solution also resolve the recent Log4Shell security flaw.

The year that hackers went wild and everything changed (Wall Street Journal) The U.S. government in 2021 began to take a more decisive—and prescriptive—role in how digital defenses are constructed, on the back of a string of high-profile cyberattacks against the nation’s critical infrastructure.

New Ivanti Study Finds the Biggest Challenge for IT Departments is Keeping Up with Digital Transform (Ivanti) Having more than 50% of IT services automated is a key indicator of an organization that views IT as critical to growth and business strategy

Spam Rates in the U.S. Spike Again; Truecaller’s 2021 Global Spam Report Shows Rising Spam Call Volumes in Latter Half of the Year (PR Newswire) Truecaller has launched its fifth edition of the annual Global Spam Report – a detailed, global study on how spam and scam affects all of us….

Positive Technologies: Cybercriminals Can Penetrate 93% of Local Company Networks, and Trigger 71% of Events Deemed ‘Unacceptable’ For Their Businesses (Positive Technologies) Positive Technologies: Cybercriminals Can Penetrate 93% of Local Company Networks, and Trigger 71% of Events Deemed ‘Unacceptable’ For Their Businesses

14 cybersecurity predictions for 2022 and beyond (MIT Technology Review) In the new year, ransomware attacks are projected to increase, major nation-states look to ramp up aggressive tactics, and deepfakes are likely to compound the threats to cybersecurity.

A shift in cybersecurity culture (Professional Security) As the threat of COVID-19 and the Omicron variant once again thrusts businesses into a working from home model, global events are still creating uncertainty around what the world of work will look like in 2022, writes Paul Stark, General Manager of OnBoard.

Senior IT Security Experts are less likely to be fired after cybersecurity breaches in 2021 (TahawulTech.com) Senior IT Security Experts are less likely to be fired after cybersecurity breaches in 2021.

Marketplace

Blackstone Invests in Mitiga’s Cloud Incident Readiness and Response Solution (PR Newswire) Mitiga, the cloud incident response company, today announced that Blackstone Innovations Investments has participated in Mitiga’s Series A…

ZeroFox Announces Plan to Acquire IDX and Become Publicly Traded Company via Merger with L&F Acquisition Corp. (ZeroFox) ZeroFox, Leading External Cybersecurity SaaS Provider, Announces Plan to Acquire IDX and Become Publicly Traded Company via Merger with L&F Acquisition Corp.

ZeroFox to Go Public in $1.4 Billion SPAC Deal (SecurityWeek) Social media threat protection firm ZeroFox will acquire incident response services firm IDX and become a publicly traded company via Merger with L&F Acquisition Corp.

One of Baltimore’s biggest cyber firms is going public through SPAC deal (Maryland Inno) One of Baltimore’s largest cybersecurity firms just got even bigger.

Cybersecurity company ZeroFox is set to go public in $1.4B SPAC merger (Technical.ly Baltimore) The Baltimore company is also acquiring IDX to create a 650-person company.

ESET to support a new security group founded to help protect research and education sector (Intelligent CIO Middle East) Cybersecurity vendor ESET has backed senior malware researcher Marc-Étienne Léveillé as a founding member of the Security Assistance For Education and Research (SAFER) Trust Group. SAFER is a new organisation of independent security experts who have united to better secure the research and education sector (R&E) against global threats. ESET, as the only organisation from […]

Cybersecurity M&A Roundup for December 13-19, 2021 (SecurityWeek) Eight cybersecurity-related mergers and acquisitions were announced December 13-19, 2021.

SolarWinds tries to rebuild its reputation a year after its huge hack was discovered (Fortune) Hackers taking advantage of a flaw in software created by the company were able to access the networks of thousands of SolarWinds customers.

Trend Micro Crowns Champions of 2021 Capture the Flag Competition (Trend Micro) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today announced the winners of its long-running Capture the Flag Competition, who squared off in a virtual final…

GrammaTech Receives Numerous Global Industry Awards in 2021 (Business Wire) We are honored that our contributions to software security have been recognized with several leading industry awards.

Darktrace recognised for leadership in technology innovation in industrial cyber security AI by Frost & Sullivan (Cambridge Network) Darktrace, a global leader in cyber security AI, announced that Frost & Sullivan recognised the company with the North American ‘Technology Innovation Leadership Award’ for its work in the Industrial Cyber Security AI market.

Arctic Wolf Shifts into New Gear with Red Bull Racing Honda Global Partnership in 2022 (Arctic Wolf) Arctic Wolf partners with leading Formula 1 team to enhance world-class security operations at the racetrack and beyond.

Internet Security Non-Profit Quad9 Appoints Timo Koster as Chief Strategy Officer (Quad9) Quad9 announces the appointment of Timo Koster as Chief Strategy Officer

Conquest Cyber Announces Executive Team Growth, Including Addition of Gerard Amaro as Executive Director and CRO (EIN) With the expansion of their Nashville office, Conquest Cyber has included growth-focused executive team additions to lead into 2022.

PKWARE Promotes Mike Wood to Vice President of Product Management (PKWARE) PKWARE today announced it has named Mike Wood, previously director of product management, as the new vice president of product management.

Ex-Red Hat CEO Whitehurst joins board at data security firm Tanium (WRAL TechWire) Former Red Hat CEO Jim Whitehurst has a new board assignment – he’s now an independent director at Tanium, a provider of data security services and technology.

Keeper Security Appoints Gerardo A. Dada as New Chief Marketing Officer to Accelerate Market Expansion in 2022 (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software covering password management, dark web…

Products, Services, and Solutions

ESET announces 35% off all consumer products in time for holidays (PR Newswire) For a special New Year’s promotion, ESET, a global leader in cybersecurity, announced today that it is offering 35% off all its consumer…

NetSPI Adds IoT Penetration Testing to its Suite of Offensive Security Services (Dark Reading) Led by IoT security expert Larry Trowell, the IoT pen-testing services focus on securing ATMs, automotive, medical devices, operational technology, and other embedded systems.

Beyond Identity Integrates With Microsoft Azure Active Directory SSO (Beyond Identity) Invisible multi-factor authentication (MFA) provider Beyond Identity today announced a new integration with Microsoft Azure Active Directory (Azure AD) SSO.

Beyond Identity Joins the Microsoft Intelligent Security Association (Beyond Identity) Beyond Identity today announced it has joined the Microsoft Intelligent Security Association (MISA).

Agora Partners with Bishop Fox to Set the Highest Security Standard for Real-Time Engagement (Yahoo) Bishop Fox’s Red Team and Cosmos platform provides real-time engagement with security, safety and privacy. SANTA CLARA, Calif., Dec. 21, 2021 (GLOBE NEWSWIRE) — Agora, Inc. (NASDAQ: API), a pioneer and leading platform for real-time engagement APIs, has partnered with Bishop Fox, the largest private offensive security firm, to work on multiple security areas. This partnership will set the highest industry standards for real-time engagement (RTE) security, while also providing Agora with continued

Cobwebs Technologies launches OSINT solution – Intelligence Community News (Intelligence Community News) On December 21, New York, NY-based Cobwebs Technologies, a leader in WEBINT (Web Intelligence), announced today the launch of a new web intelligence solution designed to improve security in the public sector.

ImmuniWeb and the UN ITU Announce a Strategic Partnership to Build Cyber Capacity (Immuniweb) ImmuniWeb becomes a strategic cybersecurity partner of the ITU to jointly promote global cybersecurity awareness and build cyber-resilience capabilities around the globe.

Technologies, Techniques, and Standards

How to deploy machine learning with differential privacy (NIST) We are delighted to introduce the final guest authors in our blog series, Nicolas Papernot and A

4 Most Common Cloud Disaster Recovery Plan Mistakes Companies Make (Toolbox) When organizations create a cloud disaster recovery plan, they can make certain mistakes and fall into a few traps. In this article, Richard Marcus, head of information security at AuditBoard, discusses a few mistakes companies can often make and ways to avoid them.

New Cyber Command & Control Center for Israel Transport Security (iHLS) Technological advances in the realm of smart transportation also entail complex threats in the field

Ukrainian War Games Test Electricity Grid (Infosecurity Magazine) SANS Institute exercise reportedly sees defenders get hands-on practice

Design and Innovation

Minecraft is already the metaverse: Phil Spencer on Microsoft’s plan for the future of computing (Protocol) Xbox chief Phil Spencer talks with Protocol about Minecraft, the metaverse and how Microsoft intends to build a future of virtual worlds.

Academia

Rutgers opens research center to combat security threats (Security Magazine) The Department of Homeland Security has awarded Rutgers University a grant to conduct research into threat detection and mitigation at soft targets like schools, stadiums and other public venues.

UMSL team wins Midwest Collegiate Cyber Defense Competition Invitational (UMSL Daily) Students Joshua Dobyns, Annmol Babu, Faith Clark, Bharath Mukka, Venkat Pathapati and Subhan Pial comprised the winning team.

Several UTSA programs rank best in the U.S. (UTSA) Eleven UTSA programs are receiving high praise and recognition after placing amongst other U.S. schools on Intelligent.com’s best institution programs list for 2022.

Legislation, Policy, and Regulation

Cybersecurity Talks Between U.S., Russia “Proceeding with Great Difficulty,” Envoy says. (MSSP Alert) Cybersecurity discussions between the United States and Russia are “proceeding with great difficulty,” a top Russian cybersecurity diplomat said.

Full-blown warfare in cyberspace in progress, says Russian diplomat (TASS) What matters now is to calculate the damage and determine who will lose it in the end and what shape the world will eventually acquire as a result of this war, Andrey Krutskikh emphasized

U.S. and Britain Help Ukraine Prepare for Potential Russian Cyberassault (New York Times) Russia has attacked Ukraine’s power grid in the past, and experts say Moscow might take similar steps as it masses troops along the border.

UK unlikely to send troops if Russia invades Ukraine, says defence secretary (the Guardian) Minister’s comments come days after Boris Johnson warns Russia of ‘significant consequences’

Poland, Lithuania urge stronger Russian sanctions amid troop buildup at Ukrainian border (Newsweek) Ukraine has made similar requests of its allies recently as U.S. intelligence says around 70,000 Russian troops are near the country’s border with Ukraine.

French Data Protection Authority CNIL on a Hunt for Cookies (cyber/data/privacy insights) France’s data protection authority (CNIL) has proved again its determination to continue its enforcement strategy by issuing some 30 new formal notices to comply with its new guidelines on cookies on December 14, 2021. Previously, about 60 organizations were served with formal notices for not allowi

We Can Neither Regulate Nor Sanction Away Cryptocurrency’s Facilitation of Ransomware (ISACA) While 2020 will be remembered for the beginning of the COVID-19 pandemic, 2021 may be remembered as the year when ransomware entered the collective public consciousness, courtesy of the Colonial Pipeline and JBS ransomware attacks.

Tech companies want two more years for tokenisation (The Economic Times) Tokenisation is the process of replacing the 16-digit credit or debit card number for mobile and online transactions with a unique digital identifier known as a “token”, which is a random 16-digit string.

Agencies Still Developing Cybersecurity Policies for Critical Infrastructure (Biz Tech) With the infrastructure bill signed into law, funding is now available for cybersecurity initiatives, but the federal government still has a long way to go in protecting critical infrastructure.

Likes, shares and posts now prohibited in Pentagon’s new anti-extremism policy (Military Times) The Pentagon’s extremism working group released its report on Monday.

Litigation, Investigation, and Law Enforcement

Ukraine accuses former president Poroshenko of treason (Al Jazeera) Ukrainian authorities accuse Petro Poroshenko of having helped pro-Russian separatists sell coal to Kyiv.

US charges former GRU officer with hacking and stock market trading scheme (The Record by Recorded Future) The US Department of Justice has charged today five Russian nationals, including a former officer of Russia’s GRU military intelligence agency, with hacking two SEC Filing Agents, stealing non-public information, and then sharing the stolen data with partners for the purpose of making beneficial trades ahead of time.

Russian Hacker With Kremlin Ties Extradited to U.S. on Insider-Trading Charges (Wall Street Journal) Prosecutors said Vladislav Klyushin traded on stolen information about Tesla and others to earn tens of millions of dollars.

Russian National Extradited for Role in Hacking and Illegal Trading Scheme (US Department of Justice) A Russian national has been extradited to the United States from Switzerland to face charges relating to his alleged involvement in a global scheme to trade on non-public information stolen from U.S. computer networks that netted tens of millions of dollars in illegal profits. Four other Russian nationals were also charged as part of the scheme.

US charges four more Russians with cybercrimes — prosecution (TASS) According to the official, one Russian was also charged with cybercrimes seeking to influence the 2016 US elections, while another one was accused of an attempted hack of the World Anti-Doping Agency resources

A UAE agency put Pegasus spyware on phone of Jamal Khashoggi’s wife months before his murder, new forensics show (Washington Post) The new analysis challenges NSO claims that the murdered journalist’s wife, Hanan Elatr, ‘was not a target’

AP Exclusive: Polish opposition duo hacked with NSO spyware (Washington Post) Security researchers say they’ve found spyware from the notorious hacker-for-hire company NSO Group on the cellphones of two leading Polish opposition figures

Polish opposition duo hacked by Israeli NSO Group’s spyware, watchdog says (Times of Israel) Digital sleuths claim lawyer Roman Giertych’s cellphone tapped in final weeks of 2019 election, prosecutor Ewa Wrzosek targeted in 2021 as she challenged gov’t purge of judiciary

Israeli-made Pegasus spyware found on phone of critic of Indian PM – report (Jerusalem Post) Wilson’s phone was reportedly hacked multiple times using the NSO Group spyware.

China’s cyberspace regulator summons Quora-like platform Zhihu for publishing illegal information (Global Times) The Beijing cyberspace regulator announced on Monday that it was asked by the Cyberspace Administration of China (CAC) to summon the online question-and-answer platform Zhihu for publishing illegal information and demanded

Texas law allows residents’ sensitive personal information to be exposed on county websites (Texas Public Radio) For more than a decade, some Texas county clerks’ offices have left thousands of unredacted social security numbers online — exposing people to COVID relief fund theft and other identity crimes. County clerks never told people they were exposed, and the state government hasn’t prioritized protecting this crucial piece of their personal information.

Apple v. NSO Group: How will it affect security researchers? (SearchSecurity) Infosec experts, vendors and researchers weigh in on the precedent the Apple v. NSO Group lawsuit will have on the security research community.

$200M JPMorgan Fine Signals Broader Regulatory Crackdown (Law360) The $200 million regulatory fine levied on JPMorgan Chase & Co. could be a “shot across the bow” from regulators as they confront what are likely industrywide recordkeeping gaps that have emerged as brokers use digital messaging on personal devices to get ahead in a notoriously cutthroat business.

Meta Says Data Merchant Scraped Profiles Without Permission (Law360) Meta on Monday accused a Hong Kong social media data company of using bots to illicitly scrape account profiles from various websites, including those from more than 90 million Instagram users, before selling that data, according to a suit filed in California federal court.

Meta (Facebook) sues operators of 39,000 phishing sites (The Record by Recorded Future) Meta, the parent company for Facebook, Instagram, and WhatsApp, has filed a lawsuit today in a California court against the operators of more than 39,000 phishing sites that have been hosted through the Ngrok service.

Desjardins reaches $155M proposed settlement in data breach class action (Compliance Week) Desjardins Group has reached a proposed C$201 million (U.S. $155 million) settlement agreement in a class-action lawsuit following a long-running data breach that ultimately compromised the personal information of nearly 10 million individuals in Canada and abroad.

Charges over Victoria Police data breach (The Advertiser – Cessnock) A Victorian police officer has been charged after he allegedly accessed and passed on police information. The 45-year-old male officer, from the Eastern Regio…

Facebook’s internal messages reveal plans to ignore European privacy laws (Computing) Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinion.