Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware
More than two years after the critical Log4j zero-day sparked chaos around the world, organizations are still being hit by exploits pushing crypto-currency miners and malicious backdoor scripts. According to researchers at Datadog Security Labs, opportunistic cybercriminals are still finding targets for ‘Log4Shell’ exploits that evade detection and plant malware scripts on unpatched corporate systems. The Datadog discovery highlights the long tail of risk from critical vulnerabilities that remain unpatched years after fixes are available, even for remote code execution issues known to be actively exploited.
Local Networks Go Global When Domain Names Collide
The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. This means they are continuously sending their Windows usernames and passwords to domain names that they do not control and that are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size of this insidious problem. At issue is a well-known security and privacy threat called “namespace collision,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.
US sues Georgia Tech over alleged cybersecurity failings as a Pentagon contractor
The US is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract awardees. Georgia Institute of Technology (GIT), commonly referred to as Georgia Tech, and its contracting entity, Georgia Tech Research Corporation (GTRC), are being investigated following whistleblower reports from insiders Christopher Craig and Kyle Koza about alleged failures to protect controlled unclassified information (CUI). The series of allegations dates back to 2019 and continued for years after, although Koza was said to have identified the issues as early as 2018.
Microsoft to host CrowdStrike and others to discuss Windows security changes
Microsoft is hosting an important summit on Windows security at its Redmond, Washington, headquarters next month. The Windows Endpoint Security Ecosystem Summit on September 10th will bring together Microsoft engineers and vendors like CrowdStrike to discuss improvements to Windows security and third-party best practices to try and prevent another CrowdStrike incident. “Microsoft, CrowdStrike and key partners who deliver endpoint security technologies will come together for discussions about improving resiliency and protecting mutual customers’ critical infrastructure,” says Aidan Marcuss, corporate vice president of Microsoft Windows and devices. “Our objective is to discuss concrete steps we will all take to improve security and resiliency for our joint customers.”
US sues RealPage over rent-setting software that allegedly drove up prices
The Justice Department is suing the company behind widely used software that helps landlords set rental prices. It alleges that RealPage’s rent recommendation algorithm drives up prices and “deprives renters of the benefits of competition on apartment leasing terms.” In the complaint, the DOJ, along with eight states, claims that RealPage obtains nonpublic rental price information from competing landlords who use the software. RealPage then allegedly feeds this information into its algorithmic pricing software, which landlords can use to get suggestions about their rent rates.