Details of several high severity vulnerabilities in Dell's firmware update driver, grouped together as CVE2021-21551 with a CVSS score of 8.8, were published on 4 May 2021 and could lead to privilege escalation, denial of service and/or information disclosure on affected devices.

Your brand is the image your customers have of your business; this is precisely what makes your brand into such a valuable asset. It’s no surprise that brand presence is increasingly shifting into the digital realm. And while digital transformation brings with it a whole new world of possibilities, the digitization of the brand also introduces new risks.

If anyone has benefitted from the pandemic, it has been cyber attackers. As businesses expanded their investment in cloud resources and other IT resources in response to the pandemic, cyberattacks also dramatically increased. Businesses reported 445 million cyberattack incidents in 2020, double the rate for 2019. It didn’t have to be this way. With stronger threat intelligence solutions in place, many of the security incidents of 2020 could likely have been averted.

In yet another example of VPN appliance vulnerabilities being actively exploited by threat actors, 20 April 2021 saw the publication of a critical Pulse Connect Secure (PCS) SSL VPN appliance vulnerability, CVE-2021-22893, allowing an authentication bypass that leads to an unauthenticated threat actor gaining the ability to remotely execute arbitrary code on a PCS gateway.

Over the last few weeks, Cyberint has witnessed an ongoing attack campaign targeting social media influencers, attempting to infect them with malware by impersonating large clothing retailers. The campaign targets influencers across multiple social media platforms but currently appears to mostly focus on influencers operating on YouTube. Further, although the infection process is not sophisticated, it is notable and appears to be evolving.

In the last couple of decades, the retail industry has seen dramatic changes, both on the business and on the consumer side. Perhaps the most notable one is buyers’ ever-increasing shift from physical “brick-and-mortar” retailers to online e-commerce platforms. Unfortunately, this has also been accompanied by more and more fraudulent activities, which in turn required for more digital checks and balances.

Hot on the heels of 'Dearcry'[1], yet another ransomware threat has been observed as targeting Microsoft Exchange servers vulnerable to recently reported critical vulnerabilities[2]. Dubbed 'Black KingDom', this ransomware threat has reportedly been deployed through a web-shell that is installed on vulnerable Microsoft Exchange servers following the exploitation of the vulnerability chain that results in both remote code execution (RCE) and elevated privileges.

Extinction Rebellion (XR) is a London-based environmental group aiming at disruptive and nonviolent civil resistance. Launching their first public campaign in October 2018, XR centers their motives on resisting structures that dismiss climate change and degradation of natural resources[1]. XR has been notable in eliciting mass arrest, a Ghandian tactic that garnered them press coverage, funding, and attention from government agencies and policy bodies.

Following high profile headlines of critical vulnerabilities affecting Microsoft Exchange servers, as detailed in our previous blog/bulletin[1], proof-of-concept exploits have become publicly available and appear to have been utilized by a financially-motivated threat actor in the seemingly manual deployment of a new ransomware threat dubbed 'Dearcry'.

Microsoft have recently shared [1][2] details of active threats targeting on-premise Microsoft Exchange servers worldwide by exploiting chained vulnerabilities that lead to the threat actor gaining full control of the affected email server.