

Length: 6 minutes
Released: Dec 23, 2021
Format: Podcast episode

Description

Links:
Has its own vulnerability that’s actively under exploit: https://arstechnica.com/information-technology/2021/12/patch-fixing-critical-log4j-0-day-has-its-own-vulnerability-thats-under-exploit/

Google Project Zero deep dive into the NSO group’s iMessage exploit: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

Three flaws: https://thehackernews.com/2021/12/hackers-begin-exploiting-second-log4j.html

How to customize behavior of AWS Managed Rules for WAF: https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/

Using AWS security services to protect against, detect, and respond to the Log4j vulnerability: https://aws.amazon.com/blogs/security/using-aws-security-services-to-protect-against-detect-and-respond-to-the-log4j-vulnerability/

Update for Apache Log4j2 Issue: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

An innocent question: https://Twitter.com/QuinnyPig/status/1473382549535662082?s=20

Transcript

Corey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it’s nobody in particular’s job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.

Announcer: Are you building cloud applications with a distributed team? Check out Teleport, an open-source identity-aware access proxy for cloud resources. Teleport provides secure access for anything running somewhere behind NAT: SSH servers, Kubernetes clusters, internal web apps, and databases. Teleport gives engineers superpowers. Get access to everything via single sign-on with multi-factor, list and see all of the SSH servers, Kubernetes clusters, or databases available to you in one place, and get instant access to them using tools you already have. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. And best of all, Teleport is open-source and a pleasure to use. Download Teleport at goteleport.com. That’s goteleport.com.

Corey: The burning yule log that is the log4j exploit and its downstream issues continues to burn fiercely. Meanwhile the year winds down, and it’s certainly been an eventful one. I’ll talk to you next week because that is what I do.

Now, let’s see from the community what happened. The patch to fix the log4j vulnerability apparently has its own vulnerability that’s actively under exploit. Find your nearest InfoSec friend and buy them a beer or forty because this is going to suck for a long time and basically ruin everyone’s holiday.

Also, I’ve seen the most hair-raising thing I can remember in InfoSec-land, which is the Google Project Zero deep dive into the NSO group’s iMessage exploit. Seriously, this thing requires no clicks on the part of the victim; the exploit uses a bug in the GIF processing inherent to iMessage to build a virtual CPU and assembly instruction set. There is no realistic defense against this short of hurling your phone into the sea, which I heartily recommend at this point as a best practice.

Oh, and everything is on fire and somehow worse. There are now at least three flaws in the log4j library that we’re counting, so far. Everything is terrible and we clearly should never log anything again.

Corey: This episode is sponsored in part by my friends at Cloud Academy. Something special for you folks: If you missed their offer on Black Friday or Cyber Monday or whatever day of the week doing sales it is, good news, they’ve opened up their Black Friday promotion for a very limited time. Same deal: $100 off a yearly plan, 249 bucks a year for the highest quality cloud and tech skills content. Nobody else is going to get this, and you have to act now because they have assured me this is not going to last for much longer. Go to cloudacademy.com, hit the ‘Start Free Trial’ button on the homepage and use the promo code ‘CLOUD’ when checking out. That’s C-L-O-U-D. Like loud—what

The latest in AWS news, sprinkled with snark. Posts about AWS come out over sixty times a day. We filter through it all to find the hidden gems, the community contributions--the stuff worth hearing about! Then we summarize it with snark and share it with you--minus the nonsense.