Daily NCSC-FI news followup 2021-05-04

Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws

labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/ SentinelLabs has discovered five high severity flaws in Dell’s firmware update driver impacting Dell desktops, laptops, notebooks and tablets since 2009. Attackers may exploit these vulnerabilities to locally escalate to kernel-mode privileges. Dell has released a security update to its customers to address this vulnerability: www.dell.com/support/kbdoc/fi-fi/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability. Also: threatpost.com/dell-kernel-privilege-bugs/165843/. Also: www.forbes.com/sites/thomasbrewster/2021/05/04/warning-hundreds-of-millions-at-risk-from-12-year-old-vulnerabilities-lying-deep-in-dell-pcs/?sh=492ec6e263b3

Critical 21Nails Exim bugs expose millions of servers to attacks

www.bleepingcomputer.com/news/security/critical-21nails-exim-bugs-expose-millions-of-servers-to-attacks/ Critical vulnerabilities in the Exim mail transfer agent (MTA) software allow unauthenticated remote attackers to execute arbitrary code and gain root privilege on mail servers with default or common configurations. All Exim versions released since 2004 are impacted. Qualys: blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server/. Also: therecord.media/21nails-vulnerabilities-impact-60-of-the-internets-email-servers/

Belgium’s government network goes down after massive DDoS attack

therecord.media/belgiums-government-network-goes-down-after-massive-ddos-attack/ Most of the Belgium government’s IT network has been down today after a massive distributed denial of service (DDoS) attack knocked offline both internal systems and public-facing websites. The attack targeted Belnet, a government-funded ISP that provides internet connectivity for Belgian government organizations, such as its Parliament, educational institutes, ministries, and research centers. Belnet: status.belnet.be/incidents/71

Spectre attacks come back from the dead

blog.malwarebytes.com/exploits-and-vulnerabilities/2021/05/spectre-attacks-come-back-from-the-dead/ New research has discovered Spectre attacks that bypass existing mitigations. The research claims that all modern AMD and Intel chips with micro-op caches are vulnerable to Spectre-style attacks. The good news is that exploiting Spectre vulnerabilities isn’t easy. It will require an enormous amount of knowledge about the processor at hand and a lot of luck to find any specific information an attacker could be looking for.

Boystown, dark web child abuse image website with 400,000 members, shut down by police

grahamcluley.com/boystown-dark-web-child-abuse-image-website-with-400000-members-shut-down-by-police/
