Cyber Security weekly hacker news December 28 – January 3, 2022
00:00 intro
00:31 PATCHES
00:34 Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)
02:48 ATTACKS, VULNERABILITIES & UPDATES
02:53 Y2k22 bug in Microsoft Exchange causes failure in email delivery
04:37 PulseTV discloses potential credit card breach
06:23 The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware
08:40 Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched
10:18 Flaws in DataVault encryption software impact multiple storage devices
11:07 New iLOBleed Rootkit, the first time ever that malware targets iLO firmware
13:01 AvosLocker ransomware gang releases a free decryptor after an affiliate hit US gov agency
14:16 China-linked APT group Aquatic Panda leverages Log4Shell in recent attack
16:11 T-Mobile suffered a new data breach
17:59 A cyber attack against Norwegian Media firm Amedia blocked newspaper publishing
19:40 China-linked BlackTech APT uses new Flagpro malware in recent attacks
21:40 LastPass investigated recent reports of blocked login attempts
22:35 Threat actors are abusing MSBuild to implant Cobalt Strike Beacons
24:50 Shutterfly hit by a Conti ransomware attack
25:54 DoubleFeature, post-exploitation dashboard used by Equation Group APT
28:04 Logistics giant D.W. Morgan exposed 100 GB worth of clients’ data, including Fortune 500 Clients
29:34 A new wave of ech0raix ransomware attacks targets QNAP NAS devices
31:52 Experts found backdoors in a popular Auerswald VoIP appliance
34:06 Apache addressed a couple of severe vulnerabilities in Apache HTTP Server
35:17 THANKS FOR WATCHING
#cybersecurity #hackernews #malware #ransomware
