This week's episode covers North Korea hacking Russia, malware in SSD hard drives, a USB drive warning, and the Log4Shell exploits continue.

North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry

The Hacker News

Attack Type:

What To Know:  North Korea is launching targeted cyber-attacks against Russia’s Ministry of Foreign Affairs.

Why You Should Care:  North Korea is bold, has respectable offensive cyber warfare capabilities, and will use them against the United States if they deem it necessary or advantageous.

Firmware attack can drop persistent malware in hidden SSD area

Bleeping Computer

Attack Type: 

What To Know:  Solid state hard drives have a “hidden” area that can be used to hide malicious code.

Why You Should Care: The use of solid-state drive technology has become widespread and may constitute a risk to your organization.

FBI warns cybercriminals have tried to hack US firms by mailing malicious USB drives

CNN

Attack Type: 

What To Know:  ^^^^ Notice that I put human stupidity twice.  Hackers are using USPS to snail mail thumb drives to businesses, which have viruses on them.  The thumb drives are labeled as being from reputable organizations.

Why You Should Care:  People still need to be trained in the handling of USB drives.  And then trained again.  No one should be using an uncontrolled USB drive, any more than they should be taking pills out of an unlabeled bottle.

Log4j flaw attack levels remain high, Microsoft warns

ZDNet

Attack Type: 

What To Know:  Log4j was one of the big cybersecurity news items for 2021, so big in fact that the MSM covered it as well.  This is a nasty bug that is still widespread. Your network NEEDS proper patch and vulnerability management.  Now.

Why You Should Care:  If you are running Apache Web Server, it is highly probable this bug affects you.  It is extremely easy to exploit, and hackers can cause extreme damage to your business.