In this week's digest, find out how a cyber attack left supermarkets in the Netherlands short of cheese and more on Microsoft's largest Patch Tuesday so far in 2021. Keep reading to get the latest on the biggest cyber security stories of the week.
Bakker Logistiek, one of the largest logistics services providers in the Netherlands, suffered a ransomware attack which indirectly impacted the supply of cheese to supermarkets. It is unknown what ransomware gang targeted Bakker Logistiek; researchers speculate that the threat actors gained access to their systems through the recently reported Microsoft Exchange ProxyLogon vulnerabilities. This cyber security story is another reminder of the indirect impacts of cyber-attacks.
This week researchers disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. The researchers that discovered the vulnerabilities have named them NAME:WRECK. In a real-world attack scenario, adversaries can exploit these flaws to find their way into an organisation's network via an internet-facing device that issues DNS requests to a server and exfiltrate sensitive information, or even use them as a stepping stone to sabotage critical equipment.
Microsoft has released an update which patches 110 vulnerabilities, the largest so far in 2021. 19 labelled "critical" in severity and 88 considered important. The most severe of those flaws disclosed is arguably a Win32k elevation of privilege vulnerability actively being exploited in the wild by the cybercriminal group BITTER APT. Notably, Microsoft released updates to fix four more flaws in Exchange Server versions 2013-2019, also reported by the U.S. National Security Agency.