China disciplines Alibaba Cloud for handling of Log4j bug

The Ministry of Industry and Information Technology said it will suspend work with Alibaba Cloud as a cybersecurity threat intelligence partner after the firm reported a critical security flaw to Apache.

South China Morning Post

This USB 'kill cord' can instantly wipe your laptop if snatched or stolen

Journalists, activists and human rights defenders face a constant battle to keep files safe from a growing set of digital threats and surveillance. But physical attacks can be challenging to defend against, whether an opportunist snatch-and-grab thief or an oppressive government kicking down someone's door.


The internet runs on free open-source software. Who pays to fix it?

Skip to Content Volunteer-run projects like Log4J keep the internet running. The result is unsustainable burnout, and a national security risk when they go wrong. Right now, Volkan Yazici is working 22 hour days for free. Yazici is a member of the Log4J project, an open-source tool used widely to record activity inside various types of software.

MIT Technology Review

A UAE agency put Pegasus spyware on phone of Jamal Khashoggi's wife months before his murder, new forensics show

The Pegasus ProjectA global investigation Warning: This graphic requires JavaScript. Please enable JavaScript for the best experience. Emirates flight attendant Hanan Elatr surrendered her two Android cellphones, laptop and passwords when security agents surrounded her at the Dubai airport. They drove her, blindfolded and in handcuffs, to an interrogation cell on the edge of the city, she said.

Washington Post

Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation - Microsoft Security Blog

Update [12/15/2021]: We added information about ransomware attacks on non-Microsoft hosted Minecraft servers, as well as updates to product guidance, including Threat and Vulnerability Management. Update [12/14/2021] : We added new insights about multiple attacker groups taking advantage of this vulnerability, including nation-state actors and access brokers linked to ransomware.

Microsoft Security Blog

ESF Members, NSA and CISA publish the fourth installment of 5G cybersecurity guidance

FORT MEADE, Md. - The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published the fourth installment on securing integrity of 5G cloud infrastructures, Ensure Integrity of Cloud Infrastructure . As 5G networks and devices continue to increase in popularity, the importance of platform security to harden your systems against malicious cyber activity and persistence is apparent.

National Security Agency/Central Security Service

Belgian Defence ministry network partially down following cyber attack

Part of the Belgian Ministry of Defence's network was down for several days as a result of a "serious" cyber attack after a security hole was discovered in the software. Since last Thursday, part of the computer network was down, including the mail system, as a result of the attack.


Ransomware attack threatens paychecks just before Christmas

A major payroll company has been crippled by ransomware hackers, leaving some companies around the country scrambling to cover employees' last paychecks before Christmas and many workers wondering if they'll get paid on time.

NBC News

This is how Formula 1 teams fight off cyberattacks | ZDNet

The Mercedes-AMG Petronas Formula One team is one of the most dominant F1 teams of all time and has won seven Constructor's World Championships in a row since 2014, with seven-time World Champion Lewis Hamilton, who many consider to be the greatest ever Formula 1 driver, winning the F1 Drivers' Championship on six of those occasions.


Security firm Blumira discovers major new Log4j attack vector | ZDNet

It doesn't rain, but it pours. Previously, one assumption about the 10 out of 10 Log4j security vulnerability was that it was limited to exposed vulnerable servers. We were wrong. The security company Blumira claims to have found a new, exciting Log4j attack vector. You didn't really want to take this weekend off, did you?