News – May 2021


  • Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs

    May 5, 2021

    Five high-severity security flaws in Dell’s firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The bugs have gone undisclosed for 12 years, and could make it possible to bypass security products, execute code and pivot to other parts of the network for lateral movement, according to ...

  • The UNC2529 Triple Double: A Trifecta Phishing Campaign

    May 4, 2021

    In December 2020, Mandiant observed a widespread, global phishing campaign targeting numerous organizations across an array of industries. Mandiant tracks this threat actor as UNC2529. Based on the considerable infrastructure employed, tailored phishing lures and the professionally coded sophistication of the malware, this threat actor appears experienced and well resourced. This blog post will discuss the ...

  • Biden Administration Drafting EO to Help U.S. Government Secure Digital Supply Chain

    May 3, 2021

    The Biden administration said it’s drafting an executive order to help the United States government better defend itself against digital supply chain attacks. A Step Up for Federal Procurement: According to NPR, the executive order that’s being drafted will include several initiatives designed to strengthen the ...

  • Spam and phishing in Q1 2021

    May 3, 2021

    In Q1 2021, new banking scams appeared alongside ones that are more traditional. Clients of several Dutch banks faced a phishing attack using QR codes. The fraudsters invited the victim to scan a QR code in an email, ostensibly to unblock mobile banking. In actual fact, scanning the code resulted in a data leak, money ...

  • PoC exploit released for Microsoft Exchange bug discovered by NSA

    May 3, 2021

    Technical documentation and proof-of-concept (PoC) exploit code are available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. The flaw is one of the four that the National Security Agency (NSA) reported to Microsoft and that received a fix in April. Source: Bleeping Computer

  • N3TW0RM ransomware emerges in wave of cyberattacks in Israel

    May 3, 2021

    A new ransomware gang known as ‘N3TW0RM’ is targeting Israeli companies in a wave of cyberattacks starting last week. Israeli media Haaretz reported that at least four Israeli companies and one nonprofit organization had been successfully breached in this wave of attacks. Source: Bleeping Computer

  • San Diego: Scripps Health Cyberattack Causes Widespread Hospital Outages

    May 3, 2021

    Scripps Health, a hospital network based in San Diego, was hit by a cyberattack over the weekend, forcing some critical-care patients to be diverted, according to the San Diego Union-Tribune. Scripps acknowledged the attack in a statement but didn’t specify whether it was a ransomware incident. It’s also unknown whether the adversaries compromised any patient records ...

  • New Buer Malware Downloader Rewritten in E-Z Rust Language

    May 3, 2021

    A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks. Using the increasingly popular, efficient and easy-to-use Rust programming language will ...

  • iOS 14.5.1 update includes security fixes for actively exploited bugs

    May 3, 2021

    Apple on Monday released iOS 14.5.1 and iPadOS 14.5.1 for its iPhone and iPad lineup. The update comes just a week after iOS 14.5 and iPadOS 14.5 were officially released, but there’s a good reason for the back-to-back updates: It includes a fix for two security issues that, according to Apple, are actively being used. According ...

  • Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool

    May 3, 2021

    Hewlett Packard Enterprise (HPE) is urging customers to patch one of its premier edge application management tools that could allow an attacker to carry out a remote authentication bypass attack and infiltrate a customer’s cloud infrastructure. Rated critical, with a CVSS score of 9.8, the bug impacts all versions of HPE’s Edgeline Infrastructure Manager (EIM) prior ...