It seems that Amazon’s hotfix for Log4Shell in their AWS environment might have been a bit rushed. According to a review of the hot there are a total of four CVEs specifically related to the hotfix and how it functions. CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, and CVE-2022-0071 have a CVSS score of 8.8 and allow for privilege escalation and container escape. It is not often that a fix for one bad bug contains a potentially worse one, but here we are.

The breach of IDAM group Okta in January by the self-promoting group Lapsus$ amidst other high-profile breaches and data leaks this year was a significant concern. The concern rose because when the incident first happened, Okta passed it off as an unsuccessful attempt to breach a third-party vendor’s system that had access to Okta systems. However, in March the Lapsus$ group released screenshots of internal systems including what appeared to be Okta’s superuser system.

CISA has issued another warning that SCADA/ICS systems are being targeted for attack. This time they are in the sights of Nation-State groups and with customized tools. The tools are part of follow-on activities after the initial beachhead has been established. These days gaining initial access to a network, even for infrastructure, does not seem to be a difficult task for nation-state groups.

2022 has been a busy year for the information security industry on both sides of the playing field. We have seen an increase in target attacks on businesses, a larger number of Zero-Day vulnerabilities disclosed that were being actively exploited in the wild, several major companies had data stollen and leaked, and we cannot forget the threat actor war going on over the Russian Invasion of Ukraine. With all these items, law enforcement agencies have also been very busy with the seizure and shut down of two major “hacker” marketplaces, Hydra and RaidForums.