The Week In Review 12/04 – 16/04
More than a month has passed since the Exchange Server flaws were first revealed. Researchers have been analysing the vulnerabilities since the beginning of this saga, and new discoveries are still being made. This week it was the NSA, which discovered further bugs in Exchange Server versions 2013, 2016 and 2019. Like the previously discovered vulnerabilities, they could, if exploited, allow remote code execution on a targeted computer.
The multinational software corporation SAP announced that it has patched a critical vulnerability known as CVE-2021-27602. Attackers could achieve remote code execution as an authorised user of the SAP Commerce Backoffice software and would be able to inject malicious code into source rules using the scripting capabilities of the Rules engine.
Chrome was not spared again this week: two zero-day remote code execution vulnerabilities were confirmed. Since the start of 2021, zero-day discoveries in Chrome have been multiplying, and emergency patches have now had to be rushed out for the third time.
Last week we explained the merger of cybercriminal mafias into one big cartel. Days have passed and more information is now available. Thanks to researchers, we can see more clearly the interconnections behind the scenes of these cybercrimes. Although the groups are not yet sharing any financial profit, they already share victims’ data, infrastructure, tactics, and malware efficacy.
Read about all of this and more below:
NSA says it found new critical vulnerabilities in Microsoft Exchange Server
Released: April 2021 Exchange Server Security Updates
Another Critical Vulnerability Patched in SAP Commerce
Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits
For the second time in a week, a Google Chromium zero-day released online
Ransom Mafia – Analysis of the World’s First Ransomware Cartel
How ransomware gangs are connected, sharing resources and tactics