- 1. Google Says NSO Pegasus Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’
After thoroughly reviewing the "FORCEDENTRY" iPhone exploit, researchers at Google's Project Zero say they have uncovered a never-before-seen "hacking roadmap" that includes a PDF file that appears to be a GIF image loaded with a custom-coded virtual CPU constructed out of "Boolean pixel operations." According to Google's Ian Beer and Samuel Groß, "We assess this to be one of the most technically sophisticated exploits we've ever seen." According to Google, after receiving an exploit sample from Citizen Lab, it collaborated with Apple's Security Engineering and Architecture (SEAR) group to perform a technical analysis, which revealed a high degree of technical sophistication in an exploit that was sold to governments worldwide.
- 2. Bad things come in threes: Apache reveals another Log4J bug
Third major fix in ten days is an infinite recursion flaw.
CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j.
- 3. Conti ransomware uses Log4j bug to hack VMware vCenter servers
The "Conti" ransomware gang has been spotted exploiting the Log4j vulnerability (CVE-2021-44228) in order to obtain "rapid" access to targeted organizations' internal VMware vCenter Server instances and encrypt virtual machines.
- 4. TellYouThePass ransomware revived in Linux, Windows Log4j attacks
Malicious actors have brought back an old and almost-retired malware family known as TellYouThePass, using it to target Linux and Windows devices vulnerable to the critical remote code execution vulnerability in the Apache Log4j library (CVE-2021-44228).
- 5. Log4j vulnerability now used to install Dridex banking malware
Malicious actors have been spotted exploiting the Log4j vulnerability (CVE-2021-44228) in order to infect targeted Linux devices with "Meterpreter" and Windows devices with the "Dridex" banking Trojan.
- 6. Clop ransomware gang is leaking confidential data from the UK police
The Clop ransomware gang stole confidential data from the UK police and leaked it on the dark web after the victim refused to pay the ransom.
Researchers say the "Clop" ransomware gang managed to access, steal, and leak "confidential" information belonging to some 13 million individuals, including data belonging to the U.K. police taken from its Police National Computer (PNC) system.
- 7. FBI: State hackers exploiting new Zoho zero-day since October
The FBI's Cyber Division has revealed that state-backed APT actors have been actively exploiting the authentication bypass vulnerability (CVE-2021-44515) affecting Zoho's ManageEngine Desktop Central since at least October 2021 in order to conduct network reconnaissance and move laterally throughout compromised networks.
- 8. Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
CISA, the FBI, the NSA, and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory in response to multiple vulnerabilities in Apache’s Log4j software library. Malicious cyber actors are actively scanning networks to potentially exploit CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.