Invinsense Cybersecurity Newsletter 21-Dec-21

Patch Notes

• SonicWall Urges Customers to Immediately Patch Critical SMA 100 Flaws
• Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware
• Update Google Chrome to Patch New Zero-Day Exploit Detected in the Wild

Cyber Attacks

• 1.6 million WordPress sites targeted in the last couple of days
• Microsoft Vancouver leaking website credentials via overlooked DS_STORE file
• Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

Malware and Vulnerabilities

• BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild
• Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
• Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan

Cyber Tech

• OWASP ModSecurity Core Rule Set sandbox launched to help security researchers test new CVEs
• AWS launches its second Top Secret region
• How to use the iPhone’s new App Privacy Report