Another log4j patch to install, a U.S. commission’s IT network allegedly compromised, and more.
Welcome to Cyber Security Today. It’s Monday December 20th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
 |
 |
 |
The log4j vulnerability crisis keeps on going. Now there’s a new patch for the bug that developers and application maintainers have to install. The latest version is 2.17, which fixes another serious problem. It probably won’t be the last update. And security researchers have discovered another way the vulnerability can be leveraged. Researchers at a firm called Blumira say a Javascript WebSocket connection through a browser can spread an infection. There are ways of mitigating this, which are explained in a detailed article of mine on ITWorldCanada.com.
A backdoor has been installed on the IT network of a U.S. federal government commission, says security firm Avast. It makes the allegation on the basis of digital files it has seen. The news site The Record says the agency is the United States Commission on International Religious Freedom. It makes policy recommendations to Washington, so it could have sensitive information on human rights violations in other countries. One of the suspect network files takes advantage of a legitimate packet capturing utility and can run malicious code. The other can decrypt a file. The Record and Avast say the commission hasn’t replied to their requests for comment.
Credit card information has been stolen on 1.8 million people who shopped at four U.S. sporting equipment websites. This is according to notices posted with Maine’s attorney general’s office, which requires companies to file information when personal data of Maine residents is stolen. The four websites share a common address in a city in Georgia. The sites are Tackle Warehouse, Running Warehouse, Tennis Warehouse and Skate Warehouse. Data stolen includes cardholder names, credit or debit card numbers and the CVV verification numbers for each of the 1.8 million cards.
Attention small business and home users of Western Digital’s My Cloud online storage service. The company warns that older versions of the platform won’t be supported starting January 15th. If you’re on My Cloud OS 3 and previous, you’ve got to upgrade to OS 5 if you want the remote access capability. Also note that after April 15th Western Digital will only support My Cloud OS 5 going forward.
That’s it for now Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
