AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 02/18/2022

Google Cloud offers good news and bad news on Log4Shell, other issues

Google Cloud is seeing 400,000 scans per day for systems vulnerable to the Log4Shell bug, the company said Tuesday. The findings — released as part of the company’s semi-regular Threat Horizons report — show that IT security professionals need to “keep paying attention to this, because the scans keep coming, and if you leave one vulnerable instance open, you’re going to be found,” Phil Venables, the chief information security officer at Google Cloud, told CyberScoop. That said, the companies interacting with Google Cloud have “been very much on top of this,” according to Venables. The warning comes as a reminder, however, to security professionals to keep doing the work of finding the devices and software vulnerable to the Log4Shell bug, which affects versions of the widely used Log4j logging software that haven’t been patched since early December.


Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry

Emotionally vulnerable and willing to offer up any information that lands the gig, job seekers are prime targets for social engineering campaigns. And with the “Great Resignation” in full swing, cybercriminals are having an easy time finding their next victim. Just since Feb. 1, analysts have watched phishing email attacks impersonating LinkedIn surge 232 percent, attempting to trick job seekers into giving up their credentials. “Current employment trends help to make this attack more convincing,” a new report from Egress said. “‘The Great Resignation’ continues to dominate headlines, and a record number of Americans left their jobs in 2021 for new opportunities. It is likely these phishing attacks aim to capitalize on jobseekers (plus curious individuals) by flattering them into believing their profile is being viewed and their experience is relevant to household brands.”


Hackers slip into Microsoft Teams chats to distribute malware

Security researchers warn that some attackers are compromising Microsoft Teams accounts to slip into chats and spread malicious executables to participants in the conversation. More than 270 million users are relying on Microsoft Teams every month, many of them trusting the platform implicitly, despite the absence of protections against malicious files. Researchers at Avanan, a Check Point company that secures cloud email and collaboration platforms, found that hackers started to drop malicious executable files in conversations on Microsoft Teams communication platform. The attacks started in January, the company says in a report today, and the threat actor inserts in a chat an executable file called “User Centric” to trick the user into running it.


Researchers create exploit for critical Magento bug, Adobe updates advisory

Security researchers have created exploit code for CVE-2022-24086, the critical vulnerability affecting Adobe Commerce and Magento Open Source that Adobe that patched in an out-of-band update last Sunday. The vulnerability, which Adobe saw being “exploited in the wild in very limited attacks,” received a severity score of 9.8 out of 10 and adversaries exploiting it can achieve remote code execution on affected systems without the need to authenticate. Earlier today, Adobe updated its security advisory for CVE-2022-24086 adding a new issue that is now tracked as CVE-2022-24087, which has the same severity score and can lead to the same result when leveraged in attacks. Both are Improper Input Validation vulnerabilities and the company released patches for Adobe Commerce and Magento Open Source to address the two security issues.


FlexBooker Data Leak Impacts Millions of End Customers

An online booking software provider unwittingly leaked the details of millions of customers online after misconfiguring a cloud storage solution, according to researchers. A team at comparison site vpnMentor found the leak on January 23 and traced it back to US firm FlexBooker, which provides software that enables businesses to accept bookings on their websites. The 172GB trove was left completely unsecured due to a misconfigured Amazon Web Services (AWS) S3 bucket. It was fixed three days later after the researchers reached out to both the vendor and AWS. “FlexBooker’s misconfigured AWS account contained over 19 million HTML files which exposed what seemed to be automated emails sent via FlexBooker’s platform to users. This means potentially up to 19 million people were exposed, depending on how many people made multiple bookings on a website using FlexBooker,” vpnMentor explained.


China’s Baidu Launches Self-Driving Taxis in Densely Populated Shenzhen

Chinese tech firm Baidu launched its self-driving taxi service in downtown Shenzhen on Thursday, marking the company’s first deployment of autonomous vehicles into a densely populated area of China. And while human drivers are still sitting behind the wheel as a safety precaution, that could change in the future as the technology progresses. Baidu has set up 50 different pick-up and drop-off stations in Shenzhen, a city of 13 million people, and the self-driving taxis can be summoned through a smartphone app called Apollo Go, according to a new report from state media outlet China Daily. Beijing allowed the first self-driving taxis to hit the roads in November, designating a “pilot area,” where the vehicles could be trialed by companies that gained regulatory approval. But Baidu isn’t the only self-driving vehicle company offering taxi services in China. Companies DeepRoute, Pony.ai, and AutoX have also begun trials of their own robotic taxi rides.

Related Posts