Exploits & Vulnerabilities
This Week in Security News - January 7, 2022
This week, read about Log4j vulnerabilities in connected cars and charging stations and how iOS malware can fake iPhone shutdowns to snoop on cameras and microphones.
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars. Also, learn about an iOS malware that can fake iPhone shutdowns to snoop on a phone‘s camera and microphone.
Read on:
Are Endpoints at Risk for Log4Shell Attacks
The end of 2021 saw the emergence of the Log4Shell (CVE-2021-44228) vulnerability, a critical vulnerability in the ubiquitous Java logging package Apache Log4j. Exploiting Log4Shell via crafted log messages can allow an attacker to execute code on remote machines. The potential impact of this vulnerability is great enough that it scores a 10.0 rating based on CVSS version 3.x and a 9.3 rating based on CVSS version 2.0 in terms of critical risk.
Google Confirms It Acquired Cybersecurity Specialist Siemplify
Google confirmed that it has acquired Siemplify, an Israel-based cybersecurity startup that specializes in end-to-end security services for enterprises, automation and response (SOAR) services. The acquisition verifies that Siemplify will be integrated into Google Cloud Platform, specifically its Chronicle operation, expanding Google’s footprint in the cybersecurity industry.
Log4j poses some deep challenges to IT. This article discusses some tactical measures people are already taking now and over the next week or two, and some strategic guidance for what to do after the immediate crisis abates.
FTC Warns Companies to Patch Log4j or Face Potential Lawsuits
Since its discovery in early December, Log4j has forced droves of the web’s biggest companies to scramble and patch their products and systems before criminal hackers can get at them. The FTC issued a stern warning to companies that may not be fully prioritizing this process and will “use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.
The Log4j Story, and How It Has Impacted Our Customers
Trend Micro’s latest customer data reveals just how significant the global and vertical reach of Log4Shell is, and the huge range of applications it impacts. That’s why Trend Micro is continuing to research potential new vectors and Log4j vulnerabilities, and helping organizations better understand where they may be exposed.
iOS Malware Can Fake iPhone Shutdowns to Snoop on Camera, Microphone
Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection.
Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
In this blog, Trend Micro looks into how Log4j vulnerabilities affect devices or properties embedded in or used for connected cars, specifically chargers, in-vehicle infotainment systems, and digital remotes for opening cars.
Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails
A simple-to-exploit bug that allows bad actors to send emails from Uber’s official system went unaddressed despite flagging by multiple researchers. Since the story was first reported, Uber has fixed the vulnerability. However, because it’s unknown whether the vulnerability has been exploited in the years that it existed, customers who gave up personal information in response to an official Uber email should take action to change their passwords immediately.
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager
Further monitoring and analysis of Squirrelwaffle from Trend Micro’s incident response and extended detection and response teams (IR/XDR) found that one of Squirrelwaffle’s payloads includes QAKBOT, a banking trojan and infostealer that cybercriminals have been using since 2007. While QAKBOT is one of the payloads it stages filelessly in the registry, the stager is also capable of staging for more than one malware, a capability that can likely be abused for more campaigns in the future.
New Attack Campaign Exploits Microsoft Signature Verification
Security researchers are observing a new campaign in which attackers abuse the Microsoft e-signature verification to deploy Zloader, a banking malware designed to steal user credentials and private information.
Now that the reign of REvil has come to an end, it's time to regroup and strategize. What can organizations learn from REvil’s tactics? In this blog, Trend Micro reviews the rise, downfall, and future of its operations using insights into the group's arsenal and inner workings.
What do you think about the Uber email bug? Share in the comments below or follow me on Twitter to continue the conversation: @JonLClay.