5G Aviation Safety Concerns

Boeing and Airbus warn US over 5G safety concerns

Bosses from the world’s two biggest plane makers have called on the US government to delay the rollout of new 5G phone services.

In a letter, top executives at Boeing and Airbus warned that the technology could have “an enormous negative impact on the aviation industry.”

Concerns have previously been raised that C-Band spectrum 5G wireless could interfere with aircraft electronics.

US telecoms giants AT&T and Verizon are due to deploy 5G services on 5 January. Get the full report here.

Log4Shell 0-Day Attacks Underway; Patch Immediately

CISA releases Apache Log4j scanner to find vulnerable apps, 5:31 p.m., December 21, 2021 (Update)

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Log4Shell is a 0-day vulnerability in the Log4j Java library that allows attackers to download and run scripts on targeted servers, leaving them open to complete remote control. After a user posted a proof-of-concept (PoC) on Twitter, Bitdefender’s honeypots started to register attacks using the PoC, underlining just how severe this vulnerability is.

Log4j is not just another Java library. It’s embedded in servers and services from all over the world, used by companies such as Apple, Amazon, Cloudflare, Steam, various Apache server types, ElasticSearch, and many others.

As 0-day vulnerabilities go, Log4Shell (CVE-2021-44228) has a 10/10 rating, which means that attackers can remotely exploit it without any input from the victim, and it doesn’t require high-level technical expertise to pull it off.

The Apache Software Foundation issued an emergency patch, and now Log4j 2.15.0 is available to everyone.

Get the Log4j 2.15.0 Patch Now

“JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default,” explain the developers in the release notes.

It’s difficult to estimate the massive impact Log4Shell will have because, historically, patches (even for high-severity threats) take time for everyone to apply, if they are applied at all. We commonly see attacks successfully executed using vulnerabilities that were fixed two or three years earlier.

Immediately after the Log4Shell PoC was released, adversaries started scanning the Internet, looking for vulnerable targets. Bitdefender honeypots are seeing attackers trying to compromise different web services. The total number of scans using Log4Shell has increased three-fold in a single day, meaning we are most likely just at the beginning. While most scans don’t have a particular target, around 20 percent of the attempts seem to search for vulnerable Apache Solr services.

When Bitdefender’s global honeypot network experiences a marked spike in activity, it usually means attackers are actively looking for ways to weaponize a newly discovered vulnerability as soon as possible. Most of the scans we are seeing now are coming from Russia-based IP addresses.

Bitdefender recommends all companies using the Log4j library upgrade as soon as possible to the latest version. The traffic generated in the honeypots indicates that attackers know about the vulnerability and how widespread the library is. We believe we’re witnessing only the start of a very long campaign.
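An added example, not from Bitdefender or the Log4j project: one way to inventory deployed archives for copies of log4j-core older than the 2.15.0 release named above. It reads the version from the Maven `pom.properties` inside each JAR, falls back to the file name, and descends into nested JAR/WAR/EAR files; the function names and the nesting limit of 4 are assumptions of this example.

```python
import io
import os
import re
import zipfile

FIXED = (2, 15, 0)  # the patched release named in the article
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NAME_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVE_EXT = (".jar", ".war", ".ear")


def parse_version(text):
    """'2.14.1' or '2.0-beta9' -> comparable 3-part tuple."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def scan_archive(data, label, depth=0):
    """List (location, version, needs_upgrade) per log4j-core copy, nested archives included."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings, version = [], None
    with zf:
        names = zf.namelist()
        if POM in names:  # Maven metadata survives renaming and shading
            m = re.search(r"^version=(.+)$", zf.read(POM).decode("utf-8", "replace"), re.M)
            version = m.group(1).strip() if m else None
        if version is None and NAME_RE.search(label):  # fall back to the file name
            version = NAME_RE.search(label).group(1)
        if version is not None:
            v = parse_version(version)
            findings.append((label, v, v < FIXED))
        if depth < 4:  # bound recursion into nested archives
            for name in names:
                if name.lower().endswith(ARCHIVE_EXT):
                    findings += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1)
    return findings


def scan_tree(root):
    """Scan every archive under a directory, e.g. an application deploy folder."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files if f.lower().endswith(ARCHIVE_EXT)):
            with open(path, "rb") as fh:
                findings += scan_archive(fh.read(), path)
    return findings
```

Call `scan_tree()` on a deployment directory and review every entry whose third field is `True`; a copy bundled inside a WAR or fat JAR is reported with its full `outer!/inner` location.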

Author: Silviu STAHIE for Bitdefender

San Diego School District Data Breach Hits 500k Students

A phishing attack led to the data breach of students’ social security numbers, addresses, and more.

A phishing attack against California’s San Diego Unified School District has led to hackers scooping up Social Security numbers and addresses of more than 500,000 students and staff.

The district became aware of the breach in Oct. 2018. The actual breach occurred between January 2001 and November 2018, a spokesperson said. The district reported that it was first alerted to “multiple reports of phishing emails,” which were used to gather log-in information of staff members throughout the district.

Hackers then used that log-in data to access the social security numbers and first and last names of students and staff, as well as their dates of birth, mailing addresses, home addresses and phone numbers.

“The data file contained information on students dating back to the 2008-09 school year, or more than 500,000 individuals,” according to a notification on the San Diego Unified School District’s website on Friday. “For that reason, all of those individuals have been notified of the incident. Additionally, some 50 district employees had their log-in credentials compromised as part of the phishing operation. All students and staff who had their information accessed have been alerted by district staff.”

The San Diego Unified School District serves more than 121,000 students and is the second largest school district in California.

Other accessed information included:

- Student enrollment information like schedule, discipline incident information, health information, attendance records, transfer information, legal notices on file, and attendance data

- Student and selected staff State Student ID Number

- Student and staff parent, guardian and emergency contact personal identifying information (including first and last name, phone numbers, address, email address, employer information)

- Selected staff benefits information

- Selected staff payroll and compensation information (including viewable paychecks and pay advices, deduction information, tax information, direct deposit financial institution name, routing number and account number, salary and leave information)

The district said that police have identified “a subject of the investigation” and blocked all stolen credentials; however, they could not comment more due to the ongoing nature of the investigation. Meanwhile, staff members whose accounts were compromised had the security on their accounts reset.

The San Diego Unified School District did not immediately respond to a request for comment from Threatpost.

Earlier this month, hackers launched a phishing attack against the Cape Cod Community College, and made away with at least $800,000 from the school’s bank accounts, according to The Boston Globe.

Phishing has continued to be an easy – but effective – tactic for hackers to access credentials and use them to log in to systems. In fact, the technique has increased in popularity during the holiday season, according to researchers at Proofpoint.

The best way to counter this technique, according to Tim Erlin, vice president of product management and strategy at Tripwire, is to have complete and comprehensive logs from all systems.

“Phishing remains a major avenue for initial compromise,” he said in an email. “When planning security controls, it’s important to consider not only what an attacker might do, but also what an attacker with authorized access might do.”

Source: Threatpost – Lindsey O’Donnell
