Syntax Bearror


Bear Security – Security News for Week of June 5th, 2021

By Christopher
June 5, 2021

These are the stories that relate to our careers, clients, and businesses in the cybersecurity world for the Week of June 5th, 2021. This week's edition is written only, since the news of the week was pretty light and we needed a chance to test some new production methods moving forward. The YouTube and podcast versions will return next week.

CFAA Gets Narrowed By the Supreme Court

SC Magazine reported on Thursday that a ruling by the US Supreme Court has narrowed the interpretation of the Computer Fraud and Abuse Act, or CFAA. The CFAA, which was enacted into law in 1986, was meant to prohibit accessing a computer without authorization or in excess of authorization. The ruling came in the case of Van Buren v. United States. Nathan Van Buren was a police officer in Georgia who took a bribe in exchange for using his access to the law enforcement database to look up license plate information for an acquaintance. Prosecutors sought to convict Van Buren under the CFAA since the actions were outside the purview of his job.

In the court’s majority opinion, written by Justice Amy Coney Barrett, the court said that the provisions of the CFAA that the prosecution used in the conviction of Van Buren were meant to cover those who obtain information from areas of a computer to which their access doesn’t extend, not those who misuse the access they have. Many have been concerned that the CFAA’s vagueness allowed federal prosecutors too much leverage to charge ethical hackers or even regular users with computer crimes for innocuous breaches of terms of usage.

Read the full story and quotes from others on both sides of the ruling over at SC Magazine.

SonicWall Issues Advisory for Network Security Manager Vulnerability

SonicWall issued a security advisory back on May 27th for a command injection vulnerability in the on-premises version of SonicWall Network Security Manager (NSM). The vulnerability potentially allows an authenticated user to execute privileged commands on the operating system that NSM is installed on. SonicWall recommends that customers using Network Security Manager 2.2.0-R10-H1 and earlier upgrade immediately.

Read the full details on the advisory over on SonicWall’s website.

Vulnerability in Apple’s New M1 Chip Allows Applications to Covertly Exchange Data

Researcher marcan42 on Twitter identified a vulnerability in Apple’s new M1 chip which I found interesting. The vulnerability allows any two applications that are running under an OS to covertly exchange data between them. While the functionality observed is not intended, there’s no actual nefarious use for this flaw. It can also be mitigated by running your OS in a VM.

So, no reason to go throwing out your latest M1-powered Apple devices. Just something interesting to learn.

You can learn more about the flaw and the research over on the site M1RACLES.

Domains Used in Recent USAID Phishing Attacks Seized

Bleeping Computer is reporting that the US Department of Justice seized two of the domains used in recent phishing attacks that impersonated the US Agency for International Development, or USAID, to distribute malware and gain access to networks. Microsoft initially disclosed these attacks last Thursday, as we noted in last week’s show, stating that the attacks were conducted by NOBELIUM, a Russian state-affiliated hacking group.

Targeted recipients who received the emails and clicked on the enclosed links would be prompted to download HTML attachments that would install four new pieces of malware created by the threat actors, along with Cobalt Strike, which would lead to full access to victims’ computers and their networks.

You can read the full story over on Bleeping Computer.

Multi-National Meat Company JBS Back Online After Ransomware Attack

Bleeping Computer reported on Friday that JBS, the world’s largest beef producer, has returned to full operation and capacity after they had to shut down production on May 31st due to a ransomware attack. The FBI confirmed on Wednesday that the REvil ransomware group was behind the attack on JBS. JBS was able to restore operations quickly since backup servers were not impacted, and restoration was prioritized to systems critical to production to reduce the impact on the food supply chain, producers, and consumers.

As a result, JBS USA and Pilgrim’s said in a press release Thursday that they were able to limit their production loss to less than one day’s worth, and that REvil’s operators had been unable to gain access to the company’s core systems, which significantly reduced the impact of the attack.

You can read the full story over on Bleeping Computer.

Other Things of Interest for the Week

Alyssa Miller’s TEDx Talk on “Solving The Tech Skills Gap at Your Local Coffee Shop”.

LGBT Tech Offers Tips for Staying Safe Online.

Handy guides for how to choose the right Microsoft tool for managing your work.

An Introduction to AD Querying with DSQuery and LDAP Search.

Involved in HIPAA?

The National Institute of Standards and Technology (NIST)’s comment period for HIPAA implementation guidance is open through June 15th. Be sure to take the opportunity to provide your feedback.

That’s all for this week’s security news. Come back every Saturday for the next edition, and we’ll be back with the podcast and YouTube versions next week. Stay safe out there, friends.

Christopher

Christopher Clai is a Senior Security Engineer, IT Generalist, and Developer from Chicago, IL with over 20 years of experience in Information Technology ranging from small businesses to Fortune 500's. Chris loves the Pacific Northwest, Sushi, Invader Zim, Rugby, World of Warcraft, raves, and is an avid user of Microsoft and Linux-based technologies.

Copyright Statement

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
©2014 - 2021 - SyntaxBearror.io. All rights reserved unless otherwise noted.