Cyber Security weekly hacker news December 14 – 20, 2021

———— VIDEO CONTENTS ———–
00:00 intro
00:27 phishing
00:30 Logistics giant warns of BEC emails following ransomware attack
02:19 PATCHES
02:22 Apache releases the third patch to address a new Log4j flaw
05:43 VMware fixes critical SSRF flaw in Workspace ONE UEM Console
08:01 Adobe addresses over 60 vulnerabilities in multiple products
08:54 Microsoft December 2021 Patch Tuesday fixes an actively exploited zero-day
10:10 Google fixed the 17th zero-day in Chrome since the start of the year
11:07 ATTACKS, VULNERABILITIES & UPDATES
11:11 TellYouThePass ransomware resurges and exploits Log4Shell in recent attacks
12:31 Conti ransomware gang exploits Log4Shell bug in its operations
14:27 Western Digital customers have to update their My Cloud devices to latest firmware version
15:22 1.8 Million customers of four sports gear sites impacted by credit cards breach
16:40 Phorpiex botnet is back, in 2021 it $500K worth of crypto assets
19:43 PseudoManuscrypt, a mysterious massive cyber espionage campaign
21:33 Flaws in Lenovo laptops allow escalating to admin privileges
23:49 Multiple Nation-State actors are exploiting Log4Shell flaw
25:20 Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems
26:18 Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials
28:40 Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia
30:09 TinyNuke banking malware targets French organizations
31:46 Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation
33:33 OTHER SECURITY NEWS
33:36 FBI’s investigation accidentally revealed the HelloKitty ransomware gang operates out of Ukraine
36:41 DHS announces its ‘Hack DHS’ bug bounty program
39:03 US CISA orders federal agencies to fix Log4Shell by December 24th
40:41 THANKS FOR WATCHING