6541

Stay away from Verizon’s Custom Experience

https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/04/14/36/crlf2zV21Ju/preview.jpg

[b]https://youtu.be/P5zprILAGyo[/b]
If you’re a Verizon customer and value your data, opt out of Verizon’s Custom Experience.
Read the full story on this topic written by DAVE LECLAIR editor of How-To Geek.

6542

Convincing Microsoft phishing uses fake Office 365 spam alerts
https://www.bleepingcomputer.com/news/security/convincing-microsoft-phishing-uses-fake-office-365-spam-alerts/

6543

Emotet now drops Cobalt Strike, fast forwards ransomware attacks
https://www.bleepingcomputer.com/news/security/emotet-now-drops-cobalt-strike-fast-forwards-ransomware-attacks/

6544

Here’s the link.
https://www.bleepingcomputer.com/news/security/emotet-now-drops-cobalt-strike-fast-forwards-ransomware-attacks/

6545

Oops, thanks Bob. :slight_smile:

6546

Has the surveillance technology industry
found another powerful ally?

https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/09/13/53/crlQIMV2rNZ/preview.jpg

[b]https://youtu.be/6hVf21-czow[/b]
There is always a fine balance between spying and/or protection
when it comes to surveillance.
Thanks to Joe Bosso for his excellent article on this topic.
https://blog.avast.com/author/joe-bosso

6547

Massive attack against 1.6 million WordPress sites underway
https://www.bleepingcomputer.com/news/security/massive-attack-against-16-million-wordpress-sites-underway/

6548

Weekly Security News Roundup w/e 12-10-2021

https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/10/14/03/crl62eV2T3D/preview.jpg

[b]https://youtu.be/MhY_yLGpzIY[/b]
Security-related news thanks mostly to Avast Software. I’m just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc

6549

New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/

6550

It’s already been patched.
As always, you need to update to be safe.
Update - Update - Update

6551

Researchers release ‘vaccine’ for critical Log4Shell vulnerability
https://www.bleepingcomputer.com/news/security/researchers-release-vaccine-for-critical-log4shell-vulnerability/
http://github.com/Cybereason/Logout4Shell

6552

Is the Avast Business Hub also affected from Log4j problem?

6553

Hackers start pushing malware in worldwide Log4Shell attacks
https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/

6554

Most infections can be directly attributed to neglect.
They neglected to update the system with the latest available security patches and the system got hacked.
No different here.

6555

Botnets like Mirai now come with Log4j aboard.
Re: -https://mvnrepository.com/artifact/net.mamoe/mirai-logging-log4j2
Made that link non-clickable because it has repositories (pol).

Re: https://urlhaus.abuse.ch/browse.php?search=mirai+ (already forced offline).

polonus

6556

What is Log4j and Do You Need to Worry About it?

https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/13/21/35/crlIraV2y0k/preview.jpg

[b]https://youtu.be/b2EpVYWZQLY[/b]
A new vulnerability called Log4j has security teams scrambling worldwide.
Here’s what you need to do - and what you don’t need to do - about it.
Thanks to Christopher Budd for his excellent article on this topic.
https://blog.avast.com/author/christopher-budd
Details on this vulnerability are described here:
https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/

6557

Log4j: List of vulnerable products and vendor advisories
https://www.bleepingcomputer.com/news/security/log4j-list-of-vulnerable-products-and-vendor-advisories/

6558

Almost complete blocklist provided:
https://blog.fox-it.com/2021/12/12/log4shell-reconnaissance-and-post-exploitation-network-detection/

Warning various mutations seen in the wild: https://threatpost.com/apache-log4j-log4shell-mutations/176962/

polonus

6559

Beware of a New Amazon Token Crypto Scam
https://blog.avast.com/beware-of-a-new-amazon-token-crypto-scam

6560

12/14/2021 Security News Flash - Amazon Token Crypto Scam

https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/14/15/06/crl2o1V2aAz/preview.jpg

[b]https://youtu.be/us2C3YvMXF0[/b]
Look out for offers to purchases nonexistent Amazon Crypto currency Tokens.
Thanks to Jakub Vávra for his excellent article on this topic.
https://blog.avast.com/author/jakub-vávra