Cybersecurity Weekly: Ransomware affiliates, Cisco ASA flaws, Dell vulnerabilities

June 29, 2021 by Sam Fay

Ransomware gangs are now creating websites to recruit affiliates. A Cisco ASA flaw is under attack after a PoC exploit was posted online. 30 million devices are at risk from Dell SupportAssist RCE vulnerabilities. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Ransomware gangs now creating websites to recruit affiliates

Ever since two prominent cybercrime forums banned ransomware-related topics, criminal operations have been forced to promote their service through alternative methods. At least two ransomware gangs in need of hackers to run the attacks have been using their sites to advertise features of their encryption tools to attract new recruits.


2. Cisco ASA flaw under attack after PoC exploit posted online

A security vulnerability in Cisco ASA that was addressed by the company last October, and again earlier this April, was subjected to active attacks following the release of proof-of-concept exploit code. The issue concerns multiple vulnerabilities in the web services interface of Cisco ASA software, and allows an attacker to perform XSS attacks on an affected device.


3. 30 million devices at risk from Dell SupportAssist RCE vulnerabilities

Security researchers identified four serious vulnerabilities in the BIOSConnect feature of Dell SupportAssist that could be remotely exploited by attackers to gain full control of targeted devices. The flaws are present in an update mechanism that affects 129 models of laptop and desktop computers protected by Secure Boot.


4. MyBook users urged to unplug devices from internet

Western Digital is urging users of its MyBook Live network storage drives to disconnect them from the Internet. Malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device. Commands can then be sent to factory reset the device.


5. Nvidia Jetson chips make IoT devices vulnerable to attack

Nvidia patched several vulnerabilities in its Jetson system-on-module series chips that hackers could have exploited to escalate privileges and mount denial-of-service attacks. The products affected by the vulnerabilities include the Jetson TX1, TX2 series, TX2 NX, AGX Xavier series, Xavier NX, Nano and Nano 2GB running Jetson Linux versions before 32.5.1.


6. Ransomware attack on eye clinic network affects half a million patients

On February 8, 2021, Wolfe Eye Clinic in Iowa suffered a ransomware attack that resulted in widespread encryption of data on its network. An investigation was launched immediately, but because of the attack's complexity the forensic investigation took four months to complete.


7. Attackers breach Microsoft customer service accounts

The same group behind the SolarWinds supply-chain attacks has been targeting Microsoft’s corporate networks to gain access to IT and government organizations. Microsoft officially announced the attacks after the threat group Nobelium stole customer-service-agent credentials to gain access and launch attacks against Microsoft customers.


8. Mercedes-Benz customer data flies out the window

Last week, Mercedes-Benz disclosed that one of its vendors leaked customer information out of its cloud storage system. The company said in its advisory that the leaked customer information contained data collected between 2014 and 2017. Mercedes credited an unnamed external security researcher for giving it the heads-up.


9. Microsoft Edge bug could’ve let hackers steal website data

Microsoft rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. The weakness stems from a universal cross-site scripting issue related to the built-in Microsoft Translator feature.


10. Tulsa officials warn ransomware attackers leaked city files

The attackers behind a May 2021 ransomware campaign against the city of Tulsa, Oklahoma, shared more than 18,000 city files via the Dark Web. Most of the leaked files were police citations and internal department files, officials wrote in a release, noting that police citations contain some personally identifiable information.
