
Top CyberNews December 2021 – Week 3

December 16 2021

It seems many won’t get their salary on time due to a ransomware attack, and Trojan horse attacks are still at large. December’s cyber news is heating up.

Kronos Ransomware Outage Drives Widespread Payroll Chaos

Kronos, a workforce management platform, has been hit by a ransomware attack, which it says will cause its cloud-based services to be unavailable for several weeks – and it is advising customers to find alternative ways to complete payroll and other HR tasks.


Customers have experienced cataclysmic problems as a result of the outage.

400 Banks’ Customers Targeted with Anubis Trojan

According to the researchers, this is only the beginning.

Customers of Chase, Wells Fargo, Bank of America, and Capital One, and around 400 other financial institutions, are being targeted by an app that masquerades as the official account management platform of French telecom company Orange S.A.


Once downloaded, the malware – a variant of the banking trojan Anubis – steals the user’s personal information in order to defraud them, according to Lookout researchers in a new report. And it’s not just big bank customers who are at risk, according to the researchers: Virtual payment platforms and cryptocurrency wallets are also under attack.

Log4j vulnerability exposed to hackers

After the previous patch for the recently disclosed Log4Shell exploit was deemed “incomplete in certain non-default configurations,” the Apache Software Foundation (ASF) has released a new fix for the Log4j logging utility.


The second vulnerability, CVE-2021-45046, is rated 3.7 out of a possible ten on the CVSS rating system and affects all versions of Log4j from 2.0-beta9 to 2.12.1 and from 2.13.0 to 2.15.0. Version 2.15.0 is the release the project maintainers shipped last week to address a critical remote code execution vulnerability (CVE-2021-44228) that could be exploited to penetrate and take over systems.

The incomplete patch for CVE-2021-44228 could be exploited to “craft malicious input data using a JNDI Lookup pattern, resulting in a denial-of-service (DoS) attack,” according to a new advisory from the ASF. The most recent version of Log4j, 2.16.0 (for users requiring Java 8 or later), effectively disables message lookups and disables JNDI.
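The version ranges quoted above can be turned into an inventory check. The following is an added example, not code from the ASF or from this article: it assumes jar files keep the Maven-style name `log4j-core-<version>.jar`, and the function names and sample paths are constructed for illustration.

```python
import re

# Inclusive ranges as stated in the article for CVE-2021-45046.
AFFECTED_RANGES = [("2.0-beta9", "2.12.1"), ("2.13.0", "2.15.0")]
# Pre-release stages sort before the final release of the same number.
STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}

# Assumption: artifacts follow the Maven naming log4j-core-<version>.jar.
JAR_RE = re.compile(
    r"log4j-core-(\d+(?:\.\d+){1,2}(?:-(?:alpha|beta|rc)\d+)?)\.jar$", re.I)
VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)

def version_key(version):
    """Map '2.0-beta9' or '2.14.1' to a tuple that sorts in release order."""
    m = VER_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised Log4j version: {version!r}")
    major, minor, patch, stage, stage_num = m.groups()
    stage = stage.lower() if stage else None
    return (int(major), int(minor), int(patch or 0),
            STAGE_RANK[stage], int(stage_num or 0))

def is_affected(version):
    """True if the version falls inside one of the ranges the article lists."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi)
               for lo, hi in AFFECTED_RANGES)

def classify_jars(paths):
    """Return {path: verdict} for every log4j-core jar found in paths."""
    findings = {}
    for path in paths:
        m = JAR_RE.search(path)
        if not m:
            continue  # not a log4j-core artifact (e.g. log4j-api, Log4j 1.x)
        affected = is_affected(m.group(1))
        findings[path] = "affected" if affected else "outside listed ranges"
    return findings

# Constructed sample inventory, e.g. the output of a file search for *.jar.
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-api-2.14.1.jar",
    "/opt/app/lib/log4j-core-2.15.0.jar",
    "/srv/legacy/lib/log4j-core-2.0-beta8.jar",
    "/srv/legacy/lib/log4j-core-2.0-rc1.jar",
    "/opt/new/lib/log4j-core-2.16.0.jar",
]

if __name__ == "__main__":
    for path, verdict in classify_jars(SAMPLE_PATHS).items():
        print(f"{verdict:22} {path}")
```

A filename check misses copies of Log4j bundled inside shaded or fat jars, so a clean result here does not rule out an affected version elsewhere in the application.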
