Comments on: Cyber Security News December 2021

By: SafeAeon Inc Inc

SafeAeon Inc Inc — Mon, 14 Apr 2025 23:16:41 +0000

Nice content, thank you for sharing with us!

By: garrett metal detectors

garrett metal detectors — Thu, 19 May 2022 18:37:07 +0000

I go to see daily some blogs and blogs to read content, but this webpage offers
quality based writing.

By: Tomi Engdahl

Tomi Engdahl — Tue, 04 Jan 2022 14:09:04 +0000

Some Atlanta residents say Apple AirTags are tracking them | What to do if this happens to you
https://www.youtube.com/watch?v=GnNJdKJQry8

Tracking your lost items is becoming easier with new technology like the Apple AirTag. You can find your missing keys, wallet or purse with the press of a button. But with the solution to one problem came the advent of another; instead of using the AirTag to track items some are using them to track people.

Police reports of unwanted tracking have surfaced in Atlanta, Gwinnett County and Cobb County.
Full story: https://bit.ly/3pSYRfE

By: Tomi Engdahl

Tomi Engdahl — Mon, 03 Jan 2022 15:04:51 +0000

noPac: A Tale of Two Vulnerabilities That Could End in Ransomware
Numerous public proof-of-concept exploits reveal that the noPac vulnerabilities (CVE-2021-42278 and CVE-2021-42287) are trivial to exploit and lead to privilege escalation.
https://www.secureworks.com/blog/nopac-a-tale-of-two-vulnerabilities-that-could-end-in-ransomware

By: Tomi Engdahl

Tomi Engdahl — Mon, 03 Jan 2022 08:16:54 +0000

https://www.securityweek.com/norwegian-media-firm-amedia-suffers-disruption-due-cyberattack

By: Tomi Engdahl

Tomi Engdahl — Mon, 03 Jan 2022 08:16:39 +0000

Another Remote Code Execution Vulnerability Patched in Log4j
https://www.securityweek.com/another-remote-code-execution-vulnerability-patched-log4j

By: Tomi Engdahl

Tomi Engdahl — Mon, 03 Jan 2022 08:16:02 +0000

Storage Devices of Major Vendors Impacted by Encryption Software Flaws
https://www.securityweek.com/storage-devices-major-vendors-impacted-encryption-software-flaws

Storage devices from several major vendors are affected by vulnerabilities discovered by a researcher in third-party encryption software they all use.

Earlier this month, SecurityWeek reported that Western Digital had updated its SanDisk SecureAccess product to address vulnerabilities that can be exploited to gain access to user data through brute force and dictionary attacks.

SanDisk SecureAccess, recently rebranded SanDisk PrivateAccess, is a piece of software that allows users to encrypt files and folders stored in a protected vault on SanDisk USB flash drives.

By: Tomi Engdahl

Tomi Engdahl — Mon, 03 Jan 2022 08:15:16 +0000

LastPass Automated Warnings Linked to ‘Credential Stuffing’ Attack
https://www.securityweek.com/lastpass-automated-warnings-linked-%E2%80%98credential-stuffing%E2%80%99-attack

Users of the popular LastPass password manager are being targeted in so-called “credential stuffing” attacks that use email addresses and passwords obtained from third-party breaches.

By: Tomi Engdahl

Tomi Engdahl — Mon, 03 Jan 2022 08:14:32 +0000

Chinese Spies Exploit Log4Shell to Hack Major Academic Institution
https://www.securityweek.com/chinese-spies-exploit-log4shell-hack-major-academic-institution

China-linked cyberespionage group Aquatic Panda was recently observed exploiting the Log4Shell vulnerability to compromise a large academic institution, CrowdStrike’s Falcon OverWatch team reports.

Tracked as CVE 2021-44228 and also referred to as Log4Shell and LogJam, the security hole affects the Apache Log4j Java logging framework and has been exploited in targeted attacks since early December.

As part of a recent campaign, the OverWatch security researchers observed Aquatic Panda leveraging a modified version of the Log4j exploit for initial access, and then performing various post-exploitation operations, including reconnaissance and credential harvesting.

In their attempt to compromise the unnamed academic institution, the attackers targeted a VMware Horizon instance that employed the vulnerable Log4j library. The exploit used in this attack was initially published on GitHub on December 13.

By: Tomi Engdahl

Tomi Engdahl — Mon, 03 Jan 2022 07:31:10 +0000

PulseTV discloses potential compromise of 200, 000 credit cards https://www.bleepingcomputer.com/news/security/pulsetv-discloses-potential-compromise-of-200-000-credit-cards/
U.S. online store PulseTV has disclosed a large-scale customer credit card compromise. As per the notification letter shared with the Office of the Maine Attorney General, more than 200, 000 shoppers have been impacted. The platform found out about a potential breach from VISA on March 8, 2021, who informed them that unauthorized credit card transactions were taking place on the site. After running some security checks and scanning for malware, PulseTV was unable to pinpoint any issues on its e-commerce website. However, the problem persisted as law enforcement contacted them a few months later regarding payment card compromises that appeared to have originated from pulsetv.com.