Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars. Also, learn about an iOS malware that can fake iPhone shutdowns to snoop on a phone‘s camera and microphone.
The end of 2021 saw the emergence of the Log4Shell (CVE-2021-44228) vulnerability, a critical vulnerability in the ubiquitous Java logging package Apache Log4j. Exploiting Log4Shell via crafted log messages can allow an attacker to execute code on remote machines. The potential impact of this vulnerability is great enough that it scores a 10.0 rating based on CVSS version 3.x and a 9.3 rating based on CVSS version 2.0 in terms of critical risk.
Google confirmed that it has acquired Siemplify, an Israel-based cybersecurity startup that specializes in end-to-end security services for enterprises, automation and response (SOAR) services. The acquisition verifies that Siemplify will be integrated into Google Cloud Platform, specifically its Chronicle operation, expanding Google’s footprint in the cybersecurity industry.
Log4j poses some deep challenges to IT. This article discusses some tactical measures people are already taking now and over the next week or two, and some strategic guidance for what to do after the immediate crisis abates.
Since its discovery in early December, Log4j has forced droves of the web’s biggest companies to scramble and patch their products and systems before criminal hackers can get at them. The FTC issued a stern warning to companies that may not be fully prioritizing this process and will “use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.
Trend Micro’s latest customer data reveals just how significant the global and vertical reach of Log4Shell is, and the huge range of applications it impacts. That’s why Trend Micro is continuing to research potential new vectors and Log4j vulnerabilities, and helping organizations better understand where they may be exposed.
Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection.
In this blog, Trend Micro looks into how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars, specifically chargers, in-vehicle infotainment systems, and digital remotes for opening cars.
A simple-to-exploit bug that allows bad actors to send emails from Uber’s official system went unaddressed despite flagging by multiple researchers. Since the story was first reported, Uber has fixed the vulnerability. However, because it’s unknown whether the vulnerability has been exploited in the years that it existed, customers who gave up personal information in response to an official Uber email should take action to change their passwords immediately.
Further monitoring and analysis of Squirrelwaffle from Trend Micro’s incident response and extended detection and response teams (IR/XDR) found that one of Squirrelwaffle’s payloads includes QAKBOT, a banking trojan and infostealer that cybercriminals have been using since 2007. While QAKBOT is one of the payloads it stages filelessly in the registry, the stager is also capable of staging for more than one malware, a capability that can likely be abused for more campaigns in the future.
Security researchers are observing a new campaign in which attackers abuse the Microsoft e-signature verification to deploy Zloader, a banking malware designed to steal user credentials and private information.
Now that the reign of REvil has come to an end, it's time to regroup and strategize. What can organizations learn from REvil’s tactics? In this blog, Trend Micro reviews the rise, downfall, and future of its operations using insights into the group's arsenal and inner workings.
What do you think about the Uber email bug? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.