Hello, welcome to the Thursday, December 30th, 2021 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Well, the big news today is we don't have a new version of Log 4J.

We are still at 217 as the latest version.

And just to summarize all the different versions of Log 4J, depending on what Java version

you are running, and also what each version is vulnerable to.

Russ put together a little table just summarizing the recent Log 4J activity.

So you may find that helpful if you're trying to explain what the purpose of each one of these upgrades is.

Well, somewhat related to Log 4J, Microsoft Defender for Endpoint apparently is giving you some false positives slash unclear warnings if you're running

Windows server 2016. So if you're seeing these possible sensor tampering in memory warnings,

that's likely caused by Microsoft 365 Defender scanning 4-4J processes.

Pleeping computer summarized some of the posts from users, also Microsoft's response.

Apparently they're working on a fix for this problem.

And T-Mobile is warning some of its customers of a potential sim-swapping attack.

This is when an attacker is essentially registering a new phone for your account in order to

then intercept messages. Sim-swapping is often sort of a one-off attack if an attacker is able to social engineer, for example,

a phone company in order to add that new phone to an account. But there have been instances

where it has happened in larger numbers. And this may be one of these instances. Sometimes this

involved data leaked in breaches. Sometimes it's also insiders

that cooperated with attackers in order to facilitate sim swapping. Not a lot of detail yet

from T-Mobile, but if you got one of these messages, well, that's what it's about. And yes, you should probably not use

SMS as a second factor for high value accounts, in particular when it comes to high value accounts,

...