The Week In Review 01/02-05/02

The Week In Review 01/02 – 05/02

Recently, three new vulnerabilities were found for SolarWinds, extending the number of already discovered flaws on the now famous IT monitoring and management platform. These vulnerabilities were judged to be serious as they could lead to a full server compromise. One of the vulnerabilities, affecting the Orion implementation of Microsoft Message Queue (CVE-2021-25274), allows remote unauthorised access giving the ability to run arbitrary code as LocalSystem. SolarWinds addressed these flaws a few days ago, but it might not be the last discovery as many people continue to closely scrutinise the Texas-based company.

Hildegard malware, used by the cybercrime group TeamTNT could be more threatening than it already is according to some researchers, as it is not yet mature. As a reminder, this malware was detected in January 2021 and is used to launch cryptojacking operations. However, researchers believe that the malware could lead to more large-scale cryptojacking attacks via Kubernetes environments or could steal data from applications running in Kubernetes clusters. This will be a case to follow in the coming weeks and months.

Google released patches a few days ago after they discovered a zero-day vulnerability, CVE-2021-21148. However, attackers were able to largely exploit this bug before the patches were applied. Chrome is the most popular web browser in the world securing just over 56% of the market. The giant advised their users to upgrade their browser as soon as possible. This news comes at the same time as the release of a research study showing that American office workers are highly vulnerable to cyber-attacks due to sharing too much personal information on social media. As a result, social engineering cyber attacks are increasingly frequent, and can lead to serious database hacks in sensitives fields such as healthcare. These cyber-attacks also remind us of the high impact of data breaches when they happen on sensitives websites. This is the case of the adult website EscortReviews.com who saw their database leaked on forums across the dark web. These breaches can have a serious impact on reputation and image of exposed users and lead to targeted blackmail or attacks.

Discover how resilient your organisation and effective its response is to a cyber-attack with Dionach’s Red Teaming engagement.

Read about all of this and more below:

New Malware Hijacks Kubernetes Clusters to Mine Monero.
(threatpost.com)

Most of the American office workers are vulnerable to cyber-attacks.
(cybersecurity-insiders.com)

Google patches an actively exploited Chrome zero-day.
(zdnet.com)

Multiple new flaws uncovered in SolarWinds software just weeks after high-profile supply chain attack.
(portswigger.net)

Female escort review site data breach affects 470,000 members.
(bleepingcomputer.com)

Find out how we can help with your cyber challenge

Please enter your contact details using the form below for a free, no obligation, quote and we will get back to you as soon as possible. Alternatively, you can email us directly at [email protected]

Related Posts

AdobeStock_186430869

Dionach Achieves JOSCAR Registration

A Milestone in Aerospace, Defence, and Security Compliance We are thrilled to announce that Dionach is now a registered supplier on the defence portal JOSCAR, managed by Hellios. This significant achievement underscores our commitment to excellence and compliance in the aerospace, defence, and security sectors. Being JOSCAR registered not only reflects our dedication to maintaining […]
Read More
AdobeStock_211643639

Dionach Joins the ADS Group

A New Chapter in Aerospace, Defence, and Space Innovation We are thrilled to announce that Dionach has been officially approved as a member of ADS, the UK’s premier Aerospace, Defence, and Space industry trade association! This prestigious certification underscores our commitment to excellence and innovation within these critical sectors. As an ADS member, we look […]
Read More
cyber-security

Dynamic Cybersecurity: Latest Trends and Updates

In today’s interconnected digital world, the field of cybersecurity is constantly evolving to keep up with emerging threats and vulnerabilities. Staying updated with the latest developments is crucial for individuals and organisations alike to protect their sensitive information from malicious actors. In this blog post, we will explore some of the most significant updates and […]
Read More
Contact Us

Contact Us React out to one of our cyber experts and we will arrange a call