EDRIdentify, contain, respond, and stop malicious activity on endpoints
SIEM powered by PerchCentralize threat visibility and analysis, backed by cutting-edge threat intelligence
Risk Assessment & Dark Web MonitoringIdentify and quantify unknown cyber risks and vulnerabilities
Cloud App SecurityMonitor and manage security risk for SaaS apps
SOC ServicesProvide 24/7 threat monitoring and response backed by ConnectWise SOC experts
Policy ManagementCreate, deploy, and manage client security policies and profiles
Researchers from the Münster University of Applied Sciences found that it is possible to command inject Dovecot Mail servers. According to Shodan, over 8.8 million devices are running a version of Dovecot. An “attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client,” potentially leading the attacker to gain user credentials and mail from the victims.
This vulnerability only exists for server versions 2.3.0-2.3.14 with submission service enabled. The proof-of-concept, developed by the researchers, shows that it is possible to command inject over IMAP, POP3, and SMTP.
Round 2 - Nvidia Jetson Chipset Flaws
Earlier this year, it was found that the Nvidia Jetson chipset contained flaws that led to denial-of-service attacks. This was identified in CVE-2021-1070 and was ranked a 7.1/10 on the CVSS scale. This was affecting the Nvidia Linux Driver Package (L4T), which specifically supported the Jetson chipset.
In a recent security bulletin, Nvidia disclosed patches for 26 new security flaws, with 9 of them rated as high severity vulnerabilities.
The affected products include AGX Xavier, Xavier NX/TX1, Jetson TX2, and Jetson Nano devices. The vulnerabilities open these products to possible information disclosure, escalation of privileges, and denial of service.
The recommendation to protect your system is to download and install the latest Debian packages from the APT repositories.
Ransomware Extortion = Tax Deductions??
Recent news has speculated that ransomware extortion payouts can be tax-deductible as commonly deducted business expenses. The IRS does not provide any guidance regarding tax deductions for ransom payouts, specifically. It’s an interesting conversation to have about whether companies should or should not be able to deduct the extortion.
That said, it should not distract the community from addressing the concern of growing ransomware activity. Ransomware actors now have another bargaining chip to leverage when negotiations occur with their victims. It is still the stance of the FBI and federal government that no one should be paying ransoms.