December 20, 2021
David Redekop

TWINN Security News December 20

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

Patch fixing critical Log4J 0-day has its own vulnerability that’s under exploit. Oh boy. This log4j problem will be with us for a while. It’s what cyber criminals consider that gift that will keep on giving.

New Log4j Patch Released to Fix DoS Flaw. This is an important additional patch to apply for those that have already been patching log4j.

What we are seeing now as a trend is that criminals are looking to take advantage of the lack of egress control across systems with valuable data to exploit. In this case, Zero Trust Connectivity again is our best mitigation for forward-looking exploits that are yet to be discovered.

Backdoor gives hackers complete control over federal agency network. What is interesting about this attack is that it was stealthy to evade firewalls and network monitoring. However, in a Zero Trust Connectivity environment, such exfiltration would have been impossible.

Defense Department blocks ads to counter malvertising, official tells Congress. While we don’t hear much about Google’s billion or so malicious ads served each year, this just confirms what our audience has known for years. Third party advertisements are a high risk and also turns out is one of the easiest threats to eliminate via network-based ad blocking.

This USB ‘kill cord’ can instantly wipe your laptop if snatched or stolen. Your risk model may not warrant this kind of defensive behaviour, but it’s nice to know there are operational security products like this in existence now.

Did you know? 

The adam:ONE® assist app is out for macOS and iOS which enhances Zero Trust Connectivity environment on Apple’s platform.

For a video version of this see

Need an IT professional? Request service today.