Security News for the Week Ending December 10, 2021


A proof of concept for a zero-day vulnerability in the very popular Apache Log4j Java library is being shared online. Log4j is used both in enterprises and in cloud services. Products from Apple, Amazon, Twitter and Steam, among others may be vulnerable to remote code execution exploits. All versions through 2.14.1 are vulnerable CISA and other government agencies have issued alerts. Many Managed Service Providers are finding themselves under attack. Find details at Bleeping Computer and US CERT and Huntress Labs.

Researcher Found Method to Brute Force Verizon PINs

A researcher discovered a bug that allowed him to brute force any customer’s Verizon security PIN. After reporting it to Verizon, Verizon told Vice that they solved the problem by taking down the vulnerable website pages. Hopefully, when those pages return, the bug will be fixed. Credit: Vice

US Military Admits to Offensive Hacking

Cyber Command, AKA the NSA, has confirmed that they have taken unspecified hacking to disrupt hackers ability to hack. This comes from none other than General Paul Nakasone, head of the NSA and CyberCom. While they know that they can’t shut down hackers, they also know that they can make it more costly. Nakasone said that a number of elements of the government (i.e. more than just the NSA) have taken actions and we have imposed costs. Just speculating, but hackers are often not good programmers and even worse at operational security, so it is not at all surprising that they can be hacked. Historically we haven’t done that, but it looks like now we are. Credit: CNN

A Camera the Size of a Grain of Salt

It can take better full color images than a camera 500,000 times its size. It even works in ordinary light. The surface is made from silicon nitride, meaning that it can be made in microchip manufacturing plants. It could be used in medicine (like in an endoscope), but think about the uses by spies. What an incredible spy cam. No one is going to see a grain of salt. Credit: Vice

In the Face of a $150 BILLION Lawsuit, Facebook Bans Myanmar Military

Facebook announced this week that it will remove pages, groups and accounts representing military controlled businesses. Many criticized it as a cynical ploy to deflect criticism coming from the billion dollar lawsuit. The US lawsuit illustrates how Facebook’s algorithms often recommend extremist groups and violent content in exchange for more customers. Credit: ZDNet

Leave a Reply

Your email address will not be published.