Here’s what cybersecurity watchers want infosec pros to know heading into 2022.

https://threatpost.com/5-cybersecurity-trends-2022/177273/

Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.

https://threatpost.com/toy-christmas-spying/177288/

The year wasn’t ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.

https://threatpost.com/2021-log4j-year-review-funny-cybersecurity/177215/

Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain.

https://threatpost.com/global-cyberattacks-nation-state-threats/177253/

A look back at what was hot with readers in this second year of the pandemic.

https://threatpost.com/5-top-threatpost-stories-2021/177278/

The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities.

https://threatpost.com/microsoft-azure-zero-day-source-code/177270/

A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.

https://threatpost.com/all-in-one-seo-plugin-bug-threatens-3m-websites-with-takeovers/177240/

Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects.

https://threatpost.com/apache-httpd-server-bugs-rce-dos/177234/

Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack.

https://threatpost.com/microsoft-teams-bugs-vulnerable-march/177225/

Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.

https://threatpost.com/domain-admin-accounts-scan-network/177194/

There are 17,000npatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.

https://threatpost.com/java-supply-chain-log4j-bug/177211/

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.

https://threatpost.com/active-directory-bugs-windows-domain-takeover/177185/

APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence.

https://threatpost.com/zoho-zero-day-manageengine-active-attack/177178/

Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain.

https://threatpost.com/conti-ransomware-gang-has-full-log4shell-attack-chain/177173/

The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.

https://threatpost.com/third-log4j-bug-dos-apache-patch/177159/

Meta, Facebook’s parent company, said that the seven banned actors run fake accounts on its platforms to deceive users and plant malware on targets’ phones.

https://threatpost.com/facebook-bans-spy-hire/177149/

The discovery, which affects services running as localhost that aren’t exposed to any network or the internet, vastly widens the scope of attack possibilities.

https://threatpost.com/new-log4shell-attack-vector-local-hosts/177128/

More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.

https://threatpost.com/log4j-attacks-state-actors-worm/177088/

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.

https://threatpost.com/sap-log4shell-vulnerability-apps/177069/

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.

https://threatpost.com/apache-patch-log4shell-log4j-dos-attacks/177064/