
Monday Dec 20, 2021

Holon Network Podcast for 2021-12-13


In The News This Week

1 Bitcoin equals $46,864.50 United States Dollar 

https://www.coindesk.com/price/bitcoin   

Gold Price Per Ounce $1,796.20 

https://www.apmex.com/gold-price   

Oil Price Per Barrel $71.33

https://markets.businessinsider.com/commodities/oil-price?type=wti   

1 Dogecoin equals $0.1574 USD 

https://coinmarketcap.com/currencies/dogecoin/

This Week In Vulnerabilities:

Vulnerability Summary for the Week of December 6, 2021

https://www.cisa.gov/uscert/ncas/bulletins/sb21-347

 

Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package

https://www.lunasec.io/docs/blog/log4j-zero-day/

 

LunaSec Guide to Log4J

https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/

 

Facing cybersecurity threats, Quebec shuts down government websites for evaluation

https://www.cbc.ca/news/canada/montreal/quebec-cybersecurity-threat-government-website-1.6283133

 

BHIS - Talkin' Bout [infosec] News 2021-12-13 | The Floor is Java

https://www.youtube.com/watch?v=igoDXnkYDy8

 

Diagrams for the #Log4j #Log4Shell that can help people discuss things. Hope this helps

https://twitter.com/mubix/status/1470430085169745920 

 

https://www.tenable.com/blog/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability

 

https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592 

Current running list of affected software and which companies have made a post about it.

 

For the C-level, the 2 questions they are going to ask:

How many machines have this installed?

How many are compromised and talking with the outside world?

Get your Zeek logs and search for Java, and it will answer both of those questions.

 

SheHacksPurple: Log4J explained for Software Developers and AppSec Folks

https://www.youtube.com/watch?v=-LcgOCcP7Hs 

 

How Log4J Works and Detecting It In Your Environment (DEMO AND TOOLS)

https://www.youtube.com/watch?v=GvS-V27kFps 

 

https://hub.crowdsec.net/author/crowdsecurity/configurations/apache_log4j2_cve-2021-44228 

 

This Week In Privacy Or Lack Thereof:

Swiss tech company boss accused of selling mobile network access for spying

https://www.thebureauinvestigates.com/stories/2021-12-06/swiss-tech-company-boss-accused-of-selling-mobile-network-access-for-spying

 

Ukraine Arrests 51 For Selling Data of 300 Million People In US, EU

https://yro.slashdot.org/story/21/12/13/2128259/ukraine-arrests-51-for-selling-data-of-300-million-people-in-us-eu 

This Week In Security:

Microsoft says it took over servers being used by China-based hacking group Nickel

https://www.theverge.com/2021/12/7/22822255/microsoft-hackers-china-nickel-apt15

 

iOS 15.2 and macOS 12.1 add several previously delayed features 

https://arstechnica.com/gadgets/2021/12/apples-ios-15-2-and-macos-12-1-updates-hit-supported-devices-today/

Miscellaneous Stories:

Hackers Are Spamming Businesses’ Receipt Printers With ‘Antiwork’ Manifestos

https://www.vice.com/en/article/qjbb9d/hackers-are-spamming-businesses-receipt-printers-with-antiwork-manifestos

 

Toyota owners have to pay $8/mo to keep using their key fob for remote start

https://arstechnica.com/cars/2021/12/toyota-owners-have-to-pay-8-mo-to-keep-using-their-key-fob-for-remote-start/
