Cyber Weekly Digest - Week #20


In this week's digest, we discuss how a ransomware attack led to the US declaring a state of emergency in 18 states and why a UK train company is being criticised for a simulated phishing test. Keep reading to hear about the biggest cyber security stories from across the globe.


1. Colonial Pipeline ransomware attack leads to US state of emergency.

This week's biggest story is how a ransomware attack led to a US state of emergency in 18 states. Colonial Pipeline, which supplies almost half of all the fuel consumed on the East Coast in the US, temporarily shut down its infrastructure as a precaution following a DarkSide ransomware attack. According to media reports, the suspension of operations led to an increase in gas prices. Following the attack, President Biden recognised the severity of recent cyber attacks in the US and signed an executive order to increase US cyber security defences.


2. This month's Microsoft Patch Tuesday saw half the usual fixes.

Microsoft released the Patch Tuesday, May 2021 Edition, which fixed 55 security vulnerabilities, around half of the typical monthly updates. Most notable this month is CVE-2021-31166, with a 9.8 severity score. The flaw is a Windows 10 and Windows Server flaw which allows an unauthenticated attacker to execute malicious code at the operating system level remotely. With this weakness, an attacker could compromise a host simply by sending it a specially crafted packet of data. Researchers note that this kind of vulnerability is a prime target for ransomware attackers to exploit.


3. A researcher has discovered a series of Wi-Fi flaws named "FragAttacks".

A researcher has discovered a number of Wi-Fi bugs, which he named "Frag Attacks", which is short for "fragmented and aggregation attacks". Interestingly some of these bugs date back to 1997, so some devices as old as 24 years could be vulnerable. The researcher said that 3 of the vulnerabilities are design flaws in the Wi-Fi standard, which affect most devices. Several other flaws are caused by "widespread programming mistakes", which means that every Wi-Fi produc