The internet is on fire this week. The worst cybersecurity vulnerability of the last ten years (and perhaps more) has kicked the internet ant hill. Companies around the globe – big and small – are scrambling to repair a gaping hole in a ridiculously mundane but widely popular open source tool called Log4J. What it is and what does it mean for you? I’ll get into all of that today.

In other news: many popular wireless home routers are riddled with security bugs (update your firmware now); family “safety” app Life360 is selling your detailed location data; Consumer Reports released a comprehensive report on VPN security and privacy; Firefox just got a lot more secure; LastPass is once again an independent company; Apple released a lot of cool security and privacy features for iOS and macOS; and Verizon just opted you into a program for tracking you – and how you can opt out. (I’ll touch on T-Mobile and AT&T tracking, too.)

1. Op-Ed: What a house cat can teach us about cybersecurity https://www.latimes.com/opinion/story/2021-11-07/op-ed-what-a-house-cat-can-teach-us-about-cybersecurity 
   
2. Nine WiFi routers used by millions were vulnerable to 226 flaws https://www.bleepingcomputer.com/news/security/nine-wifi-routers-used-by-millions-were-vulnerable-to-226-flaws/ 
   
3. The Popular Family Safety App Life360 Is Selling Precise Location Data on Its Tens of Millions of Users https://themarkup.org/privacy/2021/12/06/the-popular-family-safety-app-life360-is-selling-precise-location-data-on-its-tens-of-millions-of-user 
   
4. Consumer Reports exhaustive report on VPNs https://www.consumerreports.org/vpn-services/mullvad-ivpn-mozilla-vpn-top-consumer-reports-vpn-testing-a9588707317/ 
   
5. The new Firefox 95 might be the most secure web browser on the market https://www.techrepublic.com/article/the-new-firefox-95-might-be-the-most-secure-web-browser-on-the-market/ 
   
6. The Log4Shell 0-day, four days on: What is it, and how bad is it really? https://arstechnica.com/information-technology/2021/12/the-log4shell-zeroday-4-days-on-what-is-it-and-how-bad-is-it-really/ 
   
7. Widely-Used Kronos Payroll Provider Down for “Weeks” Due to Ransomware Attack; Was Log4Shell Involved? https://www.cpomagazine.com/cyber-security/widely-used-kronos-payroll-provider-down-for-weeks-due-to-ransomware-attack-was-log4shell-involved/ 
   
8. LastPass is going to become an independent company https://www.theverge.com/2021/12/14/22833319/lastpass-independent-company-logmein
   
9. How to Use App Privacy Report in the iOS 15.2 Beta https://www.macrumors.com/guide/app-privacy-report/
   
10. iOS 15.2 Beta 2 Lets Your Family Access Your Data If You Pass Away https://www.macrumors.com/2021/11/09/ios-15-2-legacy-contact/ 
    
11. Hide My Email Available in Mail App With New iOS 15.2 and macOS Monterey 12.1 Betas https://www.macrumors.com/2021/11/09/macos-monterey-12-1-beta-2-hide-my-email/ 
    
12. iOS 15.2 Beta Adds Messages Communication Safety Feature for Kids https://www.macrumors.com/2021/11/09/apple-messages-communication-safety-ios-15-2/ 
    
13. Verizon May Have Just Enrolled You in a Data-Collection Scheme–Here’s How to Get Out https://gizmodo.com/verizon-may-have-just-enrolled-you-in-a-data-collection-1848156157 
    

• Still looking for holiday gifts? https://firewallsdontstopdragons.com/best-worst-gifts-2021/
  
• Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
  
• Become a Patron! https://www.patreon.com/FirewallsDontStopDragons 
  
• Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker
  
• Generate secure passphrases! https://d20key.com/#/