SECURITY WARNINGS & Notices - Please post them here

[Asyn]

New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/

It's already been patched.
As always, you need to update to be safe.
Update - Update - Update

Researchers release 'vaccine' for critical Log4Shell vulnerability
https://www.bleepingcomputer.com/news/security/researchers-release-vaccine-for-critical-log4shell-vulnerability/
http://github.com/Cybereason/Logout4Shell

Hackers start pushing malware in worldwide Log4Shell attacks
https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/

Most infections can be directly attributed to neglect.
They neglected to update the system with the latest available security patches and the system got hacked.
No different here.

Log4j: List of vulnerable products and vendor advisories
https://www.bleepingcomputer.com/news/security/log4j-list-of-vulnerable-products-and-vendor-advisories/

All Log4j, logback bugs we know so far and why you MUST ditch 2.15
https://www.bleepingcomputer.com/news/security/all-log4j-logback-bugs-we-know-so-far-and-why-you-must-ditch-215/

Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS
https://www.bleepingcomputer.com/news/security/upgraded-to-log4j-216-surprise-theres-a-217-fixing-dos/

[polonus]

Tackling the real big Log4Shell insecurity.

Re: https://snyk.io/blog/log4shell-remediation-cheat-sheet/

polonus

[Asyn]

Microsoft warns of easy Windows domain takeover via Active Directory bugs
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-easy-windows-domain-takeover-via-active-directory-bugs/

[Asyn]

New Dell BIOS updates cause laptops and desktops not to boot
https://www.bleepingcomputer.com/news/technology/new-dell-bios-updates-cause-laptops-and-desktops-not-to-boot/

[polonus]

In trouble again. AWS Amazon now down for the third time this month.
See: https://downdetector.com/status/amazon/  & https://istheservicedown.com/problems/amazon
Re: https://www.tellerreport.com/tech/2021-12-22-amazon-is-experiencing-outage-for-the-third-time-in-a-short-time.ryxq23loF.html

polonus

[bob3160]

It's that time of year.
Be careful even spam blockers are having problems.
I received this in my in-box this morning.

[Asyn]

NVIDIA discloses applications impacted by Log4j vulnerability
https://www.bleepingcomputer.com/news/security/nvidia-discloses-applications-impacted-by-log4j-vulnerability/

[bob3160]

Weekly Security News Roundup w/e 12-24-2021

https://youtu.be/Y1OiQQrQg_E
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc

[Asyn]

New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/

It's already been patched.
As always, you need to update to be safe.
Update - Update - Update

Researchers release 'vaccine' for critical Log4Shell vulnerability
https://www.bleepingcomputer.com/news/security/researchers-release-vaccine-for-critical-log4shell-vulnerability/
http://github.com/Cybereason/Logout4Shell

Hackers start pushing malware in worldwide Log4Shell attacks
https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/

Most infections can be directly attributed to neglect.
They neglected to update the system with the latest available security patches and the system got hacked.
No different here.

Log4j: List of vulnerable products and vendor advisories
https://www.bleepingcomputer.com/news/security/log4j-list-of-vulnerable-products-and-vendor-advisories/

All Log4j, logback bugs we know so far and why you MUST ditch 2.15
https://www.bleepingcomputer.com/news/security/all-log4j-logback-bugs-we-know-so-far-and-why-you-must-ditch-215/

Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS
https://www.bleepingcomputer.com/news/security/upgraded-to-log4j-216-surprise-theres-a-217-fixing-dos/

Log4j 2.17.1 out now, fixes new remote code execution bug
https://www.bleepingcomputer.com/news/security/log4j-2171-out-now-fixes-new-remote-code-execution-bug/
https://checkmarx.com/blog/cve-2021-44832-apache-log4j-2-17-0-arbitrary-code-execution-via-jdbcappender-datasource-element/

[bob3160]

6 Things in Cybersecurity We Didn’t Know Last Year

https://youtu.be/rrcoZLGZ1YY
Let’s look back at the year that’s been, and what we’ve learned along the way.
Thanks to TechCrunch for their excellent insight.
https://techcrunch.com/2021/12/29/six-things-we-learned-cybersecurity/

[bob3160]

Weekly Security News Roundup w/e 12-31-2021


https://youtu.be/0m45tcQEL74
A recap of the weekly episodes created during 2021

[Asyn]

Netgear leaves vulnerabilities unpatched in Nighthawk router
https://www.bleepingcomputer.com/news/security/netgear-leaves-vulnerabilities-unpatched-in-nighthawk-router/
https://www.tenable.com/security/research/tra-2021-57

[Asyn]

Microsoft Exchange year 2022 bug in FIP-FS breaks email delivery
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-year-2022-bug-in-fip-fs-breaks-email-delivery/

[Asyn]

Microsoft Exchange year 2022 bug in FIP-FS breaks email delivery
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-year-2022-bug-in-fip-fs-breaks-email-delivery/

Microsoft releases emergency fix for Exchange year 2022 bug
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-fix-for-exchange-year-2022-bug/

[Asyn]

FBI warns about ongoing Google Voice authentication scams
https://www.bleepingcomputer.com/news/security/fbi-warns-about-ongoing-google-voice-authentication-scams/