Daily NCSC-FI news followup 2021-05-04

Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws

labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/ SentinelLabs has discovered five high severity flaws in Dell’s firmware update driver impacting Dell desktops, laptops, notebooks and tablets since 2009. Attackers may exploit these vulnerabilities to locally escalate to kernel-mode privileges. Dell has released a security update to its customers to address this vulnerability –

www.dell.com/support/kbdoc/fi-fi/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability. Also: threatpost.com/dell-kernel-privilege-bugs/165843/. Also:

www.forbes.com/sites/thomasbrewster/2021/05/04/warning-hundreds-of-millions-at-risk-from-12-year-old-vulnerabilities-lying-deep-in-dell-pcs/?sh=492ec6e263b3

Critical 21Nails Exim bugs expose millions of servers to attacks

www.bleepingcomputer.com/news/security/critical-21nails-exim-bugs-expose-millions-of-servers-to-attacks/ Critical vulnerabilities in the Exim mail transfer agent (MTA) software allow unauthenticated remote attackers to execute arbitrary code and gain root privilege on mail servers with default or common configurations. All Exim versions released since 2004 are impacted. Qualys:

blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server/. Also:

therecord.media/21nails-vulnerabilities-impact-60-of-the-internets-email-servers/

Belgium’s government network goes down after massive DDoS attack

therecord.media/belgiums-government-network-goes-down-after-massive-ddos-attack/ Most of the Belgium government’s IT network has been down today after a massive distributed denial of service (DDoS) attack knocked offline both internal systems and public-facing websites. The attack targeted Belnet, a government-funded ISP that provides internet connectivity for Belgian government organizations, such as its Parliament, educational institutes, ministries, and research centers. Belnet:

status.belnet.be/incidents/71

Spectre attacks come back from the dead

blog.malwarebytes.com/exploits-and-vulnerabilities/2021/05/spectre-attacks-come-back-from-the-dead/ New research has discovered Spectre attacks that bypass existing mitigations. The research claims that all modern AMD and Intel chips with micro-op caches are vulnerable to Spectre-style attacks. The good news is that exploiting Spectre vulnerabilities isn’t easy. It will require an enormous amount of knowledge about the processor at hand and a lot of luck to find any specific information an attacker could be looking for.

Boystown, dark web child abuse image website with 400, 000 members, shut down by police

grahamcluley.com/boystown-dark-web-child-abuse-image-website-with-400000-members-shut-down-by-police/

You might be interested in …

Daily NCSC-FI news followup 2021-02-18

Microsoft Internal Solorigate Investigation Final Update msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/ We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidence of access to production services or customer data. The investigation also found no indications that our systems at Microsoft were used to […]

Read More

Daily NCSC-FI news followup 2019-09-30

Uusi ja kallis hätäkeskusjärjestelmä kaatui, kun valtion verkkoa päivitettiin “Se on hävyttömän pitkä aika www.iltalehti.fi/kotimaa/a/b2100812-f297-4a44-8b74-609719dda523 Uusi hätäkeskusjärjestelmä Erica on lakannut toimimasta valtion Valtorin turvallisuusverkon päivityskatkosten vuoksi. Detecting and Preventing Emotet 2019 Campaign media.cert.europa.eu/static/SecurityAdvisories/2019/CERT-EU-SA2019-021.pdf Since beginning of June 2019, the Emotet botnet stopped sending phishing emails to infect new victims. However, on August 22nd, 2019, the […]

Read More

Daily NCSC-FI news followup 2021-05-28

APT29: Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/ The campaign’s phishing e-mails purported to originate from the USAID government agency and contained a malicious link that resulted in an ISO file being delivered. This file contained a malicious LNK file, a malicious DLL file, and a legitimate lure referencing foreign threats to […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.