Cyber Weekly Digest - Week #51

Updated: Jan 7

Although 2021 is coming to an end, threat actors are working harder than ever. In this week’s cyber weekly digest, we’ll dive into a ransomware attack on Sainsbury’s payroll provider and more on the Log4Shell vulnerability. Keep reading to stay up to date on the latest cyber security stories.

1. The Apache Log4j vulnerability is being used in millions of attacks.

Log4Shell, disclosed this week, is an unauthenticated remote code execution (RCE) vulnerability that allows complete system takeover on systems running Log4j 2.0-beta9 up to 2.14.1. Since then, it has been discovered that attackers have launched more than 1.8 million attacks on half of all corporate networks. Later this week, Bitdefender also reported finding the first ransomware family being installed directly via Log4Shell exploits. Apache has released Log4j 2.15.0 to address the maximum-severity CVE-2021-44228 RCE vulnerability and urges those using the library to upgrade to the latest release as soon as possible.

2. Apple has released an iOS update that patches multiple vulnerabilities.

Apple on Monday released updates to iOS, macOS, tvOS, and watchOS with security patches for multiple vulnerabilities. The vulnerabilities include a remote jailbreak exploit chain and several critical issues in the Kernel and Safari web browser. In total, Apple fixed five Kernel and four IOMobileFrameBuffer flaws.

3. Cyber attack on BHG opioid treatment network disrupts patient care.

Opioid treatment network Behavioral Health Group (BHG) suffered a cyberattack that led to an almost week-long disruption of IT systems and patient care. BHG is one of the largest networks of outpatient opioid treatment centres in the USA. BHG has not disclosed the nature of the incident, but it was likely a ransomware attack; there is no evidence that patient data was stolen.

4. Swedish carmaker Volvo discloses security breach.