Here are few things

Apache Log Bug (s….) Bad things come in threes: Apache reveals another Log4J bug Third major fix in ten days is an infinite recursion flaw rated 7.5/10 see https://www.theregister.com/2021/12/19/log4j_new_flaw_cve_2021_45105/

And IoT not getting any better: Security vendor F-Secure has faked a COVID test result on a Bluetooth-equipped home COVID Test. Thankfully the vendor’s since fixed the device. see https://www.theregister.com/2021/12/22/ellume_home_covid_test_cracked/

Happy Birthday to KrepsOnSecurity!  Maybe “celebrate” is too indelicate a word for a year wracked by the global pandemics of COVID-19 and ransomware. Especially since stories about both have helped to grow the audience here tremendously in 2021. But this site’s birthday also is a welcome opportunity to thank you all for your continued readership and support, which helps keep the content here free to everyone. Keep up the fine work Brian! More here: https://krebsonsecurity.com/