Buckle up your seat belts for more Log4j


It can feel like there are many Pandora’s boxes open at the same time in the world. Last week another crisis surfaced when vulnerabilities in Log4j, the widely used open source Apache logging library, were disclosed. Since then, system administrators, incident responders, and governments have all scrambled to install patches and mitigate the threat. The vulnerability can be easily exploited by attackers and could lead to a complete takeover of the server. Patching is on the rise, but Apache has had to release additional fixes that must now be installed as well. After some initial exploration and exploitation by attackers from all over the world, defenders are preparing for the next cruel wave. They say vulnerable systems will be lurking in networks for many years, waiting to be discovered and exploited.

At the same time, researchers this week took the surveillance-for-hire industry to task. Meta took down infrastructure belonging to seven companies on its platform; these companies targeted more than 50,000 of the company’s users, among others. Google’s Project Zero published an in-depth technical analysis of NSO Group’s ForcedEntry iOS exploit, underscoring how sophisticated the hacking tools of private organizations can be. WIRED also examined the growth strategies of the world’s largest deepfake abuse site, which uses AI to generate fake nude images.

With all this targeted hacking and misinformation circulating, check out WIRED’s guide to protecting yourself from “smishing,” or SMS phishing, attacks deployed by everyone from the most elite hackers to spammers.

And there’s more. Every week we round up all the security news that WIRED has not covered in depth. Click on the headlines to read the full stories.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an emergency directive on Friday, requiring all federal civilian agencies to evaluate their systems and apply patches and other mitigation measures related to the Log4j vulnerability by December 23. The order also requires agencies to provide CISA with statistics on the names and versions of all affected systems by December 28, as well as detailed information about the protections they implemented for each application.

CISA wrote in the directive: “CISA has determined that this vulnerability poses an unacceptable risk to federal civil administration agencies and requires urgent action. This decision is based on the current threat actors’ use of the vulnerability in the wild, the possibility of further exploitation of this vulnerability, the prevalence of affected software in federal enterprises, and the high possibility of damage to agency information systems.”

As a preventive measure against the Log4j vulnerabilities, the Patent and Trademark Office took access to its system offline for 12 hours starting Wednesday night. CISA stated that it has not confirmed any Log4j compromise of federal civilian networks, and so far no other agency has shut down the way the Patent Office did. But the temporary takedown reflects the extreme risk and urgency of patching the vulnerability. Homeland Security Secretary Alejandro Mayorkas said on Thursday that he was “extremely concerned” about the vulnerability.

Following an investigation last month by Reveal, from the Center for Investigative Reporting, and WIRED, lawmakers called on the Federal Trade Commission to investigate Amazon’s poor data protection and called for a federal privacy law. The WIRED and Reveal reports show that Amazon allows many internal employees to look up customer orders at will, that a data company in China is likely to gain access to the personal data of millions of customers, and more. Amazon said these incidents did not reflect current practices. But Senators Ron Wyden (D-OR) and Jon Tester (D-MT) and several representatives pointed out that this series of failures proved that US companies need to take more measures to protect customer data.

Former defense contractor John Murray Rowe Jr. was arrested on Wednesday for espionage after the US Department of Justice said he allegedly “attempted to provide the Russian government with classified defense information.” Rowe, 63, faces a maximum sentence of life in prison if found guilty. According to reports, he served as a test engineer for multiple defense contractors during his 40-year career, during which time he held various security clearances ranging from “confidential” to “top secret” and “sensitive compartmented information.” Among other things, Rowe did aerospace technical work for the Air Force. A series of security violations showing potential allegiance to Russia led officials to identify Rowe as an insider threat and terminate his status as a contractor in 2018. The FBI began its investigation, and in March 2020, Rowe allegedly met with an undercover FBI employee posing as a Russian government official. The prosecutor said that he communicated with undercover agents through more than 300 emails, in which Rowe revealed that he was willing to work for the Russian government, discussing his previous work and stealing US secrets.

French police arrested an unidentified man from southeastern France on suspicion of laundering more than $21.4 million in ransomware payments. The authorities also did not name the ransomware group he was accused of cooperating with. This action was launched after a global concerted effort to prevent ransomware attacks and hold the perpetrators accountable.
