The Week In Review 12/04-16/04

The Week In Review 12/04 – 16/04

More than a month has passed since the start of the Exchange Server flaws revelation. While researchers have been trying to analyse the vulnerabilities since the beginning of this saga, some new discoveries have been made. This is the case of the NSA who discovered other bugs in the Exchange Server version 2013, 2016 and 2019. Like the previous vulnerabilities discovered, if exploited, they could allow executing code remotely on a targeted computer.

The multinational software corporation SAP announced that they patched a critical vulnerability known as CVE-2021-27602. Attackers could achieve remote code execution as an authorised user of the SAP Commerce Backoffice software and would be able to inject malicious code in source rules using the scripting capabilities of the Rules engine.

Chrome has not been spared this week again as they confirmed two zero-day remote code execution vulnerabilities were found. Since the start of 2021, the zero-day discoveries have been multiplying for Chrome, forcing them to rush emergency patches for the third time already.

Last week we were explaining the merge of cybercriminal mafias into one big cartel. Days have passed and there is more information on it. Thanks to researchers, we can now see more clearly the inter-connection behind the scenes of cybercrimes that occur. Although the groups are not yet sharing any financial profit, they already share victims’ data, infrastructures, tactics, and malware efficacy.

Read about all of this and more below:

NSA says it found new critical vulnerabilities in Microsoft Exchange Server

(cyberscoop.com)

Released: April 2021 Exchange Server Security Updates

(techcommunity.microsoft.com)

Another Critical Vulnerability Patched in SAP Commerce

(securityweek.com)

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits

(thehackernews.com)

For the second time in a week, a Google Chromium zero-day released online

(securityaffairs.co)

Ransom Mafia – Analysis of the World’s First Ransomware Cartel

(analyst1.com)

How ransomware gangs are connected, sharing resources and tactics

(blog.malwarebytes.com)

Find out how we can help with your cyber challenge

Please enter your contact details using the form below for a free, no obligation, quote and we will get back to you as soon as possible. Alternatively, you can email us directly at [email protected]

Related Projects

AdobeStock_211643639

Dionach Joins the ADS Group

A New Chapter in Aerospace, Defence, and Space Innovation We are thrilled to announce that Dionach has been officially approved as a member of ADS, the UK’s premier Aerospace, Defence, and Space industry trade association! This prestigious certification underscores our commitment to excellence and innovation within these critical sectors. As an ADS member, we look […]
Read More
cyber-security

Dynamic Cybersecurity: Latest Trends and Updates

In today’s interconnected digital world, the field of cybersecurity is constantly evolving to keep up with emerging threats and vulnerabilities. Staying updated with the latest developments is crucial for individuals and organisations alike to protect their sensitive information from malicious actors. In this blog post, we will explore some of the most significant updates and […]
Read More
abstract-data

Why an Internal Penetration Test Delivers Results

Why an Internal Penetration Test Delivers Results The CISO of a large  organisation with multiple regional offices approached Dionach requesting an internal penetration test. The organisation used a hybrid IT infrastructure with systems located across two data centres and Azure. The test was conducted from the context of an unauthenticated user with physical access to […]
Read More
Contact Us

Contact Us React out to one of our cyber experts and we will arrange a call