Security News > 2021 > May

A team of researchers from Google has identified a new Rowhammer attack technique that works against recent generations of dynamic random-access memory chips. The new attack method disclosed this week by Google, which researchers have dubbed "Half-Double," shows that the effects of Rowhammer can extend beyond immediate neighbors, thus bypassing some of the existing defenses.

While privateer cybercriminal groups are not specifically state-sponsored, they may carry out activities of the protecting state anyway due to pressure to engage in specific actions or target specific entities, according to the post. Privateers fall in the third tier of cybercrime groups below those specifically sponsored by governments at the top, commonly known as APTs and which receive explicit direction and financial support by a nation-state.

Ransomware is not just a type of malware - it's also at the center of a sophisticated, flourishing underground economy that has all the conventions of legitimate commerce. At the center of the scene is the fact that ransomware operators often adopt affiliates, to whom they provide ransomware-as-a-service offerings.

Belgium's Federal Public Service Interior has suffered a "Complex, sophisticated and targeted cyberattack." When Microsoft released out-of-band security updates for Exchange Server in early March to fix zero-day vulnerabilities exploited by the Hafnium threat actor, the FBS Interior called in the Center for Cybersecurity Belgium to help with the patching of their Exchange servers.

Automated testing and rapid deployment are critical to defending against vulnerabilities in open source software, said David Wheeler, director of Open Source Supply Chain Security at the Linux Foundation. Wheeler referenced a 2021 report by software security and IoT company Synopsys which said there are an average of 528 open source components per application, that 84 per cent of codebases have at least one vulnerability, and the average number of vulnerabilities per codebase is 158.

Google on Tuesday announced the release of Chrome 91 to the stable channel. The latest update patches a total of 32 vulnerabilities.

Historical focus solely on attribution has made way for consideration of the human and financial toll that ransomware can have, not only to an organization but also to wider society. Recent events have introduced the world at large to ransomware variants previously only discussed within the information security industry.

A series of high-profile cyberattacks on targets in the West have highlighted the vulnerability of companies and institutions, making the issue a higher public priority but with no easy solution. The attack saw its computer systems encrypted, putting its operations offline and causing fuel shortages for American drivers.

VMware has patched two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible. The first one would allow them to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server, while the second one may allow them to perform actions allowed by the impacted plug-ins - Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, VMware Cloud Director Availability - without authentication.

Businesses operating in the word of infosec have been urged to write to the Home Office and support a public interest defence being added to the Computer Misuse Act. On a TechUK-organised call to discuss industry's response to the review of the act, British and overseas companies operating in the UK were urged by both the industry body and the Cyberup campaign to tell UK.gov what they think the law ought to say.