This week on the Kaspersky Transatlantic Cable podcast, our good friend Ahmed is a bit under the weather, so we return temporarily to our original podcast lineup.
We jump right in with the story everyone’s been talking about: Log4j. We start out with an overview of what is going on there and then hop into a second story about botnets leveraging the vulnerability. After that, we discuss a case of fat fingers causing an NFT to be sold for $3,000 — sounds like no big deal, but it was valued at $300,000. Once that cheap sale went through, the item was flipped for a whole lot more money. Talk about an oopsie.
This log4j (CVE-2021-44228) vulnerability is extremely bad. Millions of applications use Log4j for logging, and all the attacker needs to do is get the app to log a special string. So far iCloud, Steam, and Minecraft have all been confirmed vulnerable.
— Marcus Hutchins (@MalwareTechBlog) December 10, 2021
From there, our discussion shifts to Instagram. Prior to its grilling by the US Congress, the social network announced some changes to the platform. The changes aim to improve users’ experiences and avoid some of the associated harms such as bullying, damage to self-image, and more. Dave and I debate a bit whether it’s just a PR stunt or something that will really benefit society.
Our fourth story has us diving into a lawsuit Google filed against some hackers. The problem is that it appears largely symbolic.
For our final story, we head to China, where a man stole more than $20,000 from an ex-girlfriend by unlocking her phone and bank account while she was sleeping — creepy! And to close out the podcast for the year, we offer some tips for anyone who gets new electronics over the holidays.
If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:
- Log4j RCE activity began on December 1 as botnets start using vulnerability
- Where the latest Log4Shell attacks are coming from
- Bored Ape NFT accidentally sells for $3,000 instead of $300,000
- Instagram announces changes ahead of political grilling
- Google sues alleged Russian cyber criminals
- Man stole $23K using ex’s phone through facial recognition while she slept: report