The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.

https://threatpost.com/apache-log4j-log4shell-mutations/176962/

Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.

https://threatpost.com/maldocs-malicious-office-documents-human-vulnerability/176916/

The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”

https://threatpost.com/zero-day-in-ubiquitous-apache-log4j-tool-under-active-attack/176937/

Cyberattackers are targeting security vulnerabilities in four plugins plus Epsilon themes, to assign themselves administrative accounts.

https://threatpost.com/active-attack-takeover-wordpress/176933/

The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.

https://threatpost.com/extortion-karakurt-threat-ransomware/176911/

The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said.

https://threatpost.com/mikrotik-routers-cybercriminal-target/176894/

Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned.

https://threatpost.com/moobot-botnet-hikvision-surveillance-systems/176879/

DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike’s arsenal.

https://threatpost.com/tactics-attackers-stealthy-c2/176853/

Unauthenticated, remote attackers can achieve root-level RCE on SMA 100-series appliances.

https://threatpost.com/critical-sonicwall-vpn-bugs-appliance-takeover/176869/

Researchers have found a number of high-security vulnerabilities in third-party driver software – bugs that originated in a library created by network virtualization firm Eltima – that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, among others: all apps that […]

https://threatpost.com/aws-cloud-services-flaws-eltima/176852/

There’s an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.

https://threatpost.com/windows-10-rce-url-handler/176830/

The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned.

https://threatpost.com/cuba-ransomware-gang-44m-payouts/176790/

It’s unknown who’s behind the cyberattacks against at least nine employees’ iPhones, who are all involved in Ugandan diplomacy.

https://threatpost.com/pegasus-spyware-state-department-iphones/176779/

We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll!

https://threatpost.com/cloud-security-challenges-poll/176702/

Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio.

https://threatpost.com/threat-group-takes-aim-again-at-cloud-platform-provider-zoho/176732/

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.

https://threatpost.com/retail-woocommerce-sites-plugin-xss-bug/176704/

Strong encryption is critical to protecting sensitive business and personal data. Google estimates that 95 percent of its internet traffic uses the encrypted HTTPS protocol, and most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. This is a significant step forward for data integrity and consumer privacy. However, organizations […]

https://threatpost.com/decryption-improve-security/176613/

The insurer won’t pay for ‘acts of cyber-war’ or nation-state retaliation attacks.

https://threatpost.com/lloyds-cyber-insurance-exclusions/176669/

IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads.

https://threatpost.com/ikea-email-reply-chain-attack/176625/

A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.

https://threatpost.com/unpatched-windows-zero-day-privileged-file-access/176609/