December Threat Intelligence Report

Jan 18, 2022

It is not often that the prominent threats for a month of the year are so unified under one theme, but for December that is undoubtedly the case and its exploitation of remote services. Those of us who celebrate it had barely finished digesting our Thanksgiving turkey when the critical vulnerability in Apache's Log4J tool was discovered that allowed for highly damaging zero-day exploits via remote code execution.

The scramble to fix, patch, and deter this seemingly ever-changing flaw in a widely used logging library tested security operations around the world. During this time, we also saw holes in Microsoft Active Directory, Exchange, and Teams allowing for attacker execution of code for a variety of malicious purposes including denial of service and domain takeover.

Additional threat campaigns active this month were largely phishing-based and aimed at information stealing. Head here for all of CyZen's threat intelligence for December.

Read the Article

Message Us 212.842.7005

Sign up for Our Blog!

* All fields are required

By choosing to submit data, you are agreeing to the storage and usage of your contact information to deliver the requested services.