19 May 2021 Weekly Newsletter





PoC exploit released for Microsoft Exchange bug discovered by NSA

LATEST CYBER HACKS




Toshiba unit hacked by DarkSide

A Toshiba unit said it was hacked by the DarkSide ransomware group, overshadowing an announcement of a strategic review for the Japanese conglomerate under pressure from activist shareholders to seek out suitors.



Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom

Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.





Apple's Find My network can be abused to leak secrets to the outside world via passing devices

Apple's Find My network, used to locate iOS and macOS devices – and more recently AirTags and other kit – also turns out to be a potential espionage tool.



Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1

PHP Object Injection is an application level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context.



PoC released for wormable Windows IIS bug

Over the weekend, a security researcher published proof-of-concept exploit code for a wormable Windows IIS server vulnerability.

Tracked as CVE-2021-31166, the vulnerability was discovered internally by Microsoft’s staff and patched last week in the May 2021 Patch Tuesday.





Lorenz Ransomware – One More Threat To the Enterprise Security

Bleeping Computer has shared details of Lorenz, a ransomware that recently appeared on the radar. The ransomware has been active for about a month and has targeted numerous firms in that time. In brief, this ransomware, just like all others, aims at extracting money from businesses by taking over their networks. After infection, Lorenz spreads laterally on the target network to reach Windows domain admin credentials.



Snip3 Crypter Service Delivers Multiple RAT Families

A highly sophisticated Crypter-as-a-Service (CaaS) has been discovered delivering various RAT families onto targeted systems. Researchers from Morphisec named this service Snip3 based on the common denominator username discovered inside the PDB indicator of an earlier variant.



Android Trojan TeaBot Emerges As A New Malware Targeting European Banks

One more Android banking trojan, TeaBot, has surfaced online, and it does not belong to any of the existing trojan families. This malware is currently running active campaigns against banks in different European countries.

GENERAL NEWS




UK govt seeks advice on defending against supply-chain cyberattacks

Today, the UK government has announced a call for advice on defending against software supply-chain attacks and ways to strengthen IT Managed Service Providers (MSPs) across the country.



FBI warns of scammers targeting families of missing persons

The Federal Bureau of Investigation (FBI) warned that scammers actively target the vulnerable families of missing persons, attempting to extort them using information shared on social media.



Windows 10 is gaining these nifty enhancements in the next update

The next version of Windows is called the May 2021 Update and will be a minor, service-pack-style release with a strong focus on quality improvements for enterprise customers. Later this year, Microsoft will release the first major update of the year, codenamed “Windows 10 version 21H2.” In addition to a new start menu, we are also expecting a number of improvements to existing features, such as the Windows Settings app.


Botswana Communications Regulatory Authority

Private Bag 00495, Gaborone, Botswana


Disclaimer: This information was gathered from multi-trusted feeds and it is not created by COMM-CIRT