AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/29/2021

T-Mobile welcomed Christmas with its second data breach in less than six months

T-Mobile may have enjoyed another solid year in terms of subscriber growth, 5G network expansion, speed boosts, and various other technological breakthroughs and advancements, but when it comes to customer support and especially security, 2021 has been a time of worrying decline and a tidal wave of negative publicity for the once mighty “Un-carrier.” While the huge data breach identified back in August is likely to remain unrivaled (in the worst possible sense of the word) in the wireless industry for many years to come, T-Mo customers will undoubtedly be disappointed to hear their mobile network operator has recently experienced another bout of “unauthorized activity.” Yes, already. The good news is the account information viewed without authorization and presumably stolen this time around is not quite as extensive as during the previous breach, with no social security numbers, birth dates, or personal identification data compromised in any way, at least to Magenta’s current (leaked) knowledge.


LastPass users warned their master passwords are compromised

Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. The email notifications also mention that the login attempts have been blocked because they were made from unfamiliar locations worldwide. “Someone just used your master password to try to log in to your account from a device or location we didn’t recognize,” the login alerts warn. “LastPass blocked this attempt, but you should take a closer look. Was this you?” Reports of compromised LastPass master passwords are streaming in via multiple social media sites and online platforms, including Twitter, Reddit, and Hacker News (original report from Greg Sadetsky).


New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a scale of 10 and impacts all versions of the logging library from 2.0-alpha7 to 2.17.0 with the exception of 2.3.2 and 2.12.4. While Log4j versions 1.x are not affected, users are recommended to upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later). “Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code,” the ASF said in an advisory. “This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.”
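A defender-side triage of the two facts in the advisory above, as an added example that is not from the original post or from the Log4j project: it flags release versions that still need the upgrade and lists JDBC Appenders in an XML-format Log4j2 configuration whose data source name does not use the `java:` protocol. The function names and the sample configuration are constructed for illustration, and the version check assumes plain `x.y.z` release strings.

```python
import xml.etree.ElementTree as ET

# Releases the advisory quoted above names as fixed.
FIXED_BACKPORTS = {(2, 3, 2), (2, 12, 4)}
FIRST_FIXED_MAINLINE = (2, 17, 1)

# Constructed sample configuration (not taken from the page).
SAMPLE_CONFIG = """<Configuration>
  <Appenders>
    <Console name="stdout"/>
    <JDBC name="audit" tableName="logs">
      <DataSource jndiName="ldap://placeholder.invalid/ds"/>
    </JDBC>
    <JDBC name="app" tableName="logs">
      <DataSource jndiName="java:/comp/env/jdbc/LoggingDataSource"/>
    </JDBC>
  </Appenders>
</Configuration>"""


def needs_upgrade(version: str) -> bool:
    """True if a release version (x.y.z) still needs the CVE-2021-44832 fix.
    Pre-release strings such as 2.0-beta9 are not handled (assumption)."""
    parts = tuple(int(p) for p in version.split("."))
    if parts[0] < 2:              # Log4j 1.x is not affected by this CVE
        return False
    if parts in FIXED_BACKPORTS:  # fixed releases for Java 6 and Java 7
        return False
    # Everything else below 2.17.1 is treated as affected (conservative).
    return parts < FIRST_FIXED_MAINLINE


def _local(tag: str) -> str:
    """Element name without any XML namespace, lower-cased."""
    return tag.split("}")[-1].lower()


def risky_jdbc_appenders(config_xml: str) -> list:
    """Return (appender name, jndiName) for every JDBC Appender whose
    DataSource jndiName does not start with the java: protocol."""
    findings = []
    for elem in ET.fromstring(config_xml).iter():
        if _local(elem.tag) != "jdbc":
            continue
        for child in elem:
            jndi = child.get("jndiName")
            if _local(child.tag) == "datasource" and jndi \
                    and not jndi.lower().startswith("java:"):
                findings.append((elem.get("name"), jndi))
    return findings
```

A finding from `risky_jdbc_appenders` on a host where `needs_upgrade` is also true is the combination the advisory describes; on fixed releases the library itself rejects such data source names.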


Fintech firm hit by log4j hack refuses to pay $5 million ransom

One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort a $5 million sum and threatened to publish the customer data should ONUS refuse to comply. After the company’s refusal to pay the ransom, threat actors put up data of nearly 2 million ONUS customers for sale on forums. On December 9th, the PoC exploit for the notorious Log4Shell vulnerability (CVE-2021-44228) leaked on GitHub. And, that got the attention of opportunistic attackers who began mass-scanning the internet for vulnerable servers.


Washington grapples with how to expand crypto oversight

The cryptocurrency explosion has forced Washington to adapt federal financial rules to a quickly growing and changing industry. Americans have poured billions of dollars into cryptocurrencies and a wide array of blockchain-based financial platforms over the past year as the pandemic triggered an investment boom. While the crypto market has picked up steam steadily over the past decade, a surge of interest in the space and the rapid rise of decentralized financial networks has drawn fresh attention from regulators and lawmakers. Democrats, Republicans and industry advocates largely agree that the current patchwork of state and federal rules covering cryptocurrencies and technologies is no longer feasible. The Securities and Exchange Commission, Commodity Futures Trading Commission (CFTC), the Treasury Department and state money transmission licensers all share overlapping jurisdiction over parts of the crypto industry, which often leaves firms unsure about their regulatory obligations.