Syntax Bearror

Top Menu

  • Home
  • PowerShell Resource
  • SpiceWorld 2019 Resources
  • Contact Us
  • About Us

Main Menu

  • Home
  • Blog
  • IT Guides
  • How-To’s
  • IT Fixes
  • Cybersecurity
  • Reviews
  • Home
  • PowerShell Resource
  • SpiceWorld 2019 Resources
  • Contact Us
  • About Us

logo

Header Banner

Syntax Bearror

  • Home
  • Blog
  • IT Guides
  • How-To’s
  • IT Fixes
  • Cybersecurity
  • Reviews
Bear Security
Home›Bear Security›Bear Security – Security News for Week of June 5th, 2021

Bear Security – Security News for Week of June 5th, 2021

By Christopher
June 5, 2021
1541
0
Share:

These are the stories that relate to our careers, clients, and businesses in the cybersecurity world for the Week of June 5th, 2021. This week is just written since the news of the week was pretty light and we needed a chance to test some new production methods moving forward. The YouTube and podcast versions will return next week.

CFAA Gets Narrowed By the Supreme Court

SC Magazine reported on Thursday that a ruling by the US Supreme Court has now narrowed the interpretation of the Computer Fraud and Abuse Act or CFAA. The CFAA which was enacted into law in 1986, was meant to prohibit the access of a computer without authorization, or in excess of authorization. The ruling corresponded to the case of Van Buren v. United States. Nathan Van Buren was a police officer in Georgia who took a bribe in exchange for using his access to the law enforcement database to lookup license plate information for an acquaintance. Prosecutors sought to convict Van Buren under the CFAA since the actions were outside the purview of his job.

In the court’s majority opinion written by Justice Amy Coney Barrett, the court said that provisions of the CFAA that the prosecution used in the conviction of Van Buren were meant to cover those who obtain information from areas of a computer to which their access doesn’t extend and not misuse of their access. Many have been concerned about how the CFAA’s vagueness allowed Federal Prosecutors too much leverage to charge ethical hackers or even regular users with computer crimes for innocuous breaches of terms of usage.

Read the full story and quotes from others on both sides of the ruling over at SC Magazine.

SonicWall Issues Advisory for Network Security Manager Vulnerability

SonicWall issued a security advisory back on May 27th for a command injection vulnerability in the on-premises version of SonicWall Network Security Manager. The vulnerability allows the potential for an authenticated user to execute privileged commands on the operating system that NSM is installed on. SonicWall recommends customers using Network Security Manager 2.2.0-R10-H1 and earlier to upgrade immediately.

Read the full details on the advisory over on SonicWall‘s website.

Vulnerability in Apple’s New M1 Chip Allows Applications to Covertly Exchange Data

Researcher marcan42 on Twitter identified a vulnerability in Apple’s new M1 chip which I found interesting. The vulnerability allows any two applications that are running under an OS to covertly exchange data between them. While the functionality observed is not intended, there’s no actual nefarious use for this flaw. It can also be mitigated by running your OS in a VM.

So, no reason to go throwing out your latest M1-powered Apple devices. Just something interesting to learn.

You can learn more about the flaw and the research over on the site M1RACLES.

Domains Used in Recent USAID Phishing Attacks Seized

Bleeping Computer is reporting that the US Department of Justice seized two of the domains used in recent phishing attacks that were impersonating the US Agency for International Development or USAID, to distribute malware and gain access to networks. Microsoft initially disclosed these attacks last Thursday, as we noted in last week’s show, citing that the attacks were conducted by NOBELIUM, a Russian state-affiliated hacking group.

Targeted recipients who received the emails and clicked on the enclosed links would be prompted to download HTML attachments that would install four new malwares created by the threat actors, along with Cobalt Strike which would lead to full access to victims’ computers and their networks.

You can read the full story over on Bleeping Computer.

Multi-National Meat Company JBS Back Online After Ransomware Attack

Bleeping Computer reported on Friday that JBS, the world’s largest beef producer, has returned to full operation and capacity after they had to shut down production on May 31st due to a ransomware attack. The FBI confirmed on Wednesday that the REvil ransomware group was behind the attack on JBS. JBS was able to restore operations quickly since backup servers were not impacted, and restoration was prioritized to systems critical to production to reduce the impact on the food supply chain, producers, and consumers.

As a result of this, JBS USA and Pilgrim’s said in a press release Thursday, that they were able to limit their production loss to less than one day’s worth, and that REvil’s operators had been unable to gain access to the company’s core systems, which significantly reduced the impact of the attack.

You can read the full story over on Bleeping Computer.

Other Things of Interest for the Week

Alyssa Miller’s TEDx Talk on “Solving The Tech Skills Gap at Your Local Coffee Shop“.

LGBT Tech Offers Tips for Staying Safe Online.

Handy guides for how to choose the right Microsoft tool for managing your work.

An Introduction to AD Querying with DSQuery and LDAP Search.

Involved in HIPAA?

The National Institute for Standards and Technology (NIST)’s comment period for HIPAA implementation guidance is open through June 15th. Be sure to take the opportunity to provide your feedback.

That’s all for this week’s security news. Come back every Saturday for the next rendition and we’ll be back with the podcast and YouTube versions next week. Stay safe out there friends.

TagsApple M1CFAACPU VulnerabilityJBSMicrosoftRansomwareUSAID
Previous Article

Bear Security – Security News for Week ...

Next Article

Bear Security – Security News for Week ...

Share:

Christopher

Christopher Clai is a Senior Security Engineer, IT Generalist, and Developer from Chicago, IL with over 20 years of experience in Information Technology ranging from small businesses to Fortune 500's. Chris loves the Pacific Northwest, Sushi, Invader Zim, Rugby, World of Warcraft, raves, and is an avid user of Microsoft and Linux-based technologies.

Related articles More from author

  • Frag Attack Icon
    Bear Security

    Bear Security – Security News For Week of May 15th, 2021

    May 15, 2021
    By Christopher
  • Looking suspiciously at a Lemon Duck
    Bear Security

    Bear Security – Security News For Week of May 22nd, 2021

    May 22, 2021
    By Christopher
  • Bear Security

    Bear Security – Security News for Week of June 12th, 2021

    June 12, 2021
    By Christopher
  • Green Code on Laptop Screen with Hand on Keyboard
    Bear Security

    Bear Security – Security News for Week of June 19th, 2021

    June 20, 2021
    By Christopher
  • Collage of Hundred Dollar Bills and Bitcoin Coins in Silver and Gold
    Bear Security

    Bear Security – Security News for the Week of July 26th, 2021

    July 26, 2021
    By Christopher
  • Collage Photo Representing Story
    Bear Security

    Bear Security – Security News for the Week of July 12th, 2021

    July 12, 2021
    By Christopher

Leave a reply Cancel reply

  • Blog

    The Risk of Burnout in IT

  • Blog

    What I’ve Learned From 20 Years in IT

  • IT Fixes

    Taking Control of Your Netwrix Auditor Services with PowerShell

Follow Us on Social

See the Syntax at These Events

All appearances for 2020 have been cancelled due to COVID-19. Stay safe out there and see you all at events in 2021!

Like This Content?

Help Sytnax Bearror create more content, videos, podcasts, scripts, and more by contributing to our caffiene and technology addictions.

Subscribe to our Patreon

Buy Us a Coffee

Most Popular

IT Fixes

Fixing APC PowerChute Personal Edition Not Detecting UPS on Windows 10

  • Dell Laptops Showing “Press Power Button and Volume Down to Login”

    By Christopher
    September 13, 2019
  • How to Root AT&T Samsung S5 G900A (Up to Lollipop 5.0)

    By Christopher
    May 21, 2015
  • PrintNightmare Part II – Print Spooler Remains Vulnerable Across Windows

    By Christopher
    July 3, 2021
  • Picture of Service Listing with Print Spooler in Center

    Disable Print Spooler on Domain Controllers (If You Can)

    By Christopher
    June 30, 2021

Latest Tweets

  • T

    7 hours ago
  • T

    7 hours ago
  • T

    7 hours ago

    Categories

    Bear Security Blog Cybersecurity How To's IT Fixes Reviews

    Copyright Statement

    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
    ©2014 - 2021 - SyntaxBearror.io. All rights reserved unless otherwise noted.