2021 has been a complete nightmare for corporate security departments. And 2022 does not exactly begin with the best of feet, with a critical vulnerability of Apache Log4j, which, as we told you in the first MuySeguridad Recaps of this year, puts a large part of the Internet at risk.
It is not the only thing we want to tell you. We also highlight how Lastpass, one of the most popular password managers on the Internet, is facing a reputational crisis due to the alleged leak of some master passwords, or that Twitter has once again suffered a serious attack on its verified accounts.
In the more practical field we tell you how to establish a good recovery policy against possible disasters and the steps you must take to have a good Plan B when the worst happens. We started!
The 10 worst cybersecurity incidents in 2021
The introduction of malware on all types of platforms that we have seen during the last five years is taking hold. Viruses, Trojans, worms and all kinds of specimens find cracks to sneak through, especially using software vulnerabilities that either take a long time to patch or the neglect of companies and users to patch them cause a leak. Regarding the type of attack, Ransomware has finished rising as the worst threat in global cybersecurity.
Critical Apache Log4j Vulnerability Puts Much of the Internet at Risk
Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting Apache Log4j. Based on Java, it is a widely used registry library, which could be used as a weapon to execute malicious code and allow a complete take over of vulnerable systems.
LastPass and the alleged compromise of your master password
LastPass is one of the most widely used password managers in the industry. In recent days, user groups have reported that their master passwords had been compromised (allegedly) after receiving email warnings that someone has tried to use them to log into their accounts from unknown locations. However, not everything is as clear as it may seem.
How to establish a good disaster recovery policy
Put in place an effective backup policy, be able to respond quickly to a ransomware attack, or ensure uninterrupted business continuity. These are just a few of the reasons companies are increasingly concerned about investing in disaster recovery technologies… because when the worst happens, having a plan B that can be put into action immediately is vitally important.
Twitter: new phishing attack on verified accounts
Verified Twitter accounts have long been a really sweet target for cybercriminals. Why? Because there are still many users who give enormous credibility to this distinction. We could already see it in the summer of last year, when there was one of the most notorious attacks that the social network has suffered. And it is that the attackers took control of the accounts of well-known people and companies, all of them verified, with which in a few hours they managed to get hold of $ 180,000.
«DarkWatchman», a RAT that manipulates the Windows Registry for Ransomware attacks
DarkWatchman is a remote access Trojan that is distributed through a spear-phishing campaign and stands out for using a unique manipulation of the Windows Registry to evade most security detections, which demonstrates a significant evolution in the techniques of fileless malware.
VU prepares to conquer Europe … from Spain
VU wants to make Spain its hub of operations for its expansion in Europe. The company, specialized in the protection of identities to prevent digital fraud, confirms that after becoming strong in Latin America, the time has come to conquer the old continent. For this, the company has explained that it will constitute a hub in Spain intensifying its operations from 2022, which, among other things, will entail doubling its workforce.
