Dovecot intercept
Researchers from the Münster University of Applied Sciences found that it is possible to inject commands into Dovecot mail servers. According to Shodan, over 8.8 million hosts are running a version of Dovecot. An "attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client." In other words, a network attacker sitting between client and server appends commands to the unencrypted part of the session, the server buffers them alongside the STARTTLS command, and then processes them once the TLS tunnel is up, at a point where the client believes everything in the session is protected. This can lead to the attacker obtaining user credentials and mail from the victims.
This vulnerability only affects server versions 2.3.0 through 2.3.14 that have the submission service enabled, so disabling the submission service until you can upgrade removes the affected code path. The researchers' proof-of-concept shows that the injection works over IMAP, POP3 and SMTP.
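To make the mechanism concrete, here is an added example that is not Dovecot's code and not the researchers' proof-of-concept: a toy model of a line-based mail server's command loop that switches to TLS on STARTTLS and keeps serving from the same input buffer. The attacker-controlled bytes following STARTTLS stand in for what a machine in the middle can append to the plaintext segment, and the injected MAIL FROM command is only an illustration of a command the client never sent.

```python
# Added example: a toy model of STARTTLS command injection. This is not Dovecot's
# code or the researchers' proof-of-concept; it models a generic line-based mail
# server that reads commands into a buffer, switches to TLS on STARTTLS and keeps
# serving from the same buffer. The injected command is an illustration only.
from typing import List, Tuple

CRLF = b"\r\n"


def run_session(pre_tls: bytes, post_tls: bytes,
                discard_pre_tls_buffer: bool) -> List[Tuple[str, str, bool]]:
    """Return the commands the server executes as (command, origin, under_tls).

    pre_tls  -- bytes that arrived on the plaintext socket; a machine in the
                middle can rewrite these, e.g. append commands after STARTTLS
    post_tls -- bytes the real client sends inside the TLS tunnel afterwards
    discard_pre_tls_buffer -- the fix: drop any bytes read before the handshake
    """
    executed = []
    buf = pre_tls
    # Phase 1: plaintext command loop up to and including STARTTLS.
    while CRLF in buf:
        line, _, buf = buf.partition(CRLF)
        if line.strip().upper() == b"STARTTLS":
            break
        executed.append((line.decode(), "plaintext", False))
    else:
        return executed  # client never asked for TLS; nothing is buffered

    # The TLS handshake happens here. Whatever is left in `buf` was read from
    # the plaintext socket together with STARTTLS. A vulnerable server keeps it
    # and processes it as if the client had sent it through the TLS tunnel.
    if discard_pre_tls_buffer:
        buf = b""
    plaintext_len = len(buf)
    consumed = 0
    buf += post_tls
    while CRLF in buf:
        line, _, buf = buf.partition(CRLF)
        consumed += len(line) + len(CRLF)
        origin = "plaintext" if consumed <= plaintext_len else "tls"
        executed.append((line.decode(), origin, True))
    return executed


# Constructed traffic: the client sends EHLO and STARTTLS; a machine in the
# middle appends a MAIL FROM command to the same plaintext segment. The client
# then sends its own MAIL FROM over TLS, believing the session is clean.
PRE_TLS = (b"EHLO mua.example.com\r\n"
           b"STARTTLS\r\n"
           b"MAIL FROM:<attacker@attacker.invalid>\r\n")
POST_TLS = b"MAIL FROM:<alice@example.com>\r\n"

if __name__ == "__main__":
    for label, fixed in (("vulnerable", False), ("fixed", True)):
        print(label)
        for cmd, origin, under_tls in run_session(PRE_TLS, POST_TLS, fixed):
            print(f"  {cmd!r:45} from {origin:9} tls={under_tls}")
```

In the vulnerable run the attacker's MAIL FROM is executed inside the TLS session, before anything the client actually sent; with the buffer discarded after the handshake only the client's own command runs. The same pattern applies to any STARTTLS-style protocol (IMAP, POP3, SMTP): the test is whether the server throws away everything it read before the handshake.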
Round 2 - Nvidia Jetson Chipset Flaws
Earlier this year, Nvidia's Jetson chipset was found to contain a flaw that could be abused for denial of service. It was tracked as CVE-2021-1070 and scored 7.1 out of 10 on the CVSS scale. It affected the Nvidia Jetson Linux Driver Package (L4T), the Linux distribution that supports the Jetson boards.
In a recent security bulletin, Nvidia disclosed patches for 26 new security flaws, 9 of them rated high severity.
The affected products are the Jetson AGX Xavier, Xavier NX, TX1, TX2 and Nano devices. The vulnerabilities expose these products to possible information disclosure, escalation of privileges, and denial of service.
Nvidia's recommendation is to update to the latest L4T release by downloading and installing the latest Debian packages from its APT repositories.
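As a practical check before applying the bulletin, here is an added example (my code, not Nvidia tooling) that reads the L4T release stamp a Jetson board keeps in /etc/nv_tegra_release and compares it with the fixed release the bulletin lists for your board. The file path, its format and the sample line are assumptions, not taken from the page, and the fixed release is a parameter you fill in from the bulletin.

```python
import re
from typing import Tuple

# Added example, not Nvidia tooling: parse the L4T release stamp on a Jetson
# board and compare it against the fixed release from the bulletin you are
# acting on. Assumption: L4T writes its version to /etc/nv_tegra_release with a
# first line in the form shown in SAMPLE_RELEASE_FILE (a constructed sample).
SAMPLE_RELEASE_FILE = (
    "# R32 (release), REVISION: 4.4, GCID: 23942405, BOARD: t186ref, "
    "EABI: aarch64, DATE: Fri Oct 16 19:37:08 UTC 2020\n"
)

_RELEASE_RE = re.compile(r"R(\d+)\s*\(release\),\s*REVISION:\s*(\d+)\.(\d+)")


def parse_l4t_release(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch), e.g. (32, 4, 4) for 'R32 ... REVISION: 4.4'."""
    m = _RELEASE_RE.search(text)
    if not m:
        raise ValueError("no L4T release stamp found")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def needs_update(installed: Tuple[int, int, int],
                 fixed: Tuple[int, int, int]) -> bool:
    """True when the installed release is older than the bulletin's fixed one."""
    return installed < fixed


def check_board(fixed: Tuple[int, int, int],
                path: str = "/etc/nv_tegra_release") -> bool:
    """Read the release stamp from a board and report whether it needs updating."""
    with open(path, encoding="utf-8") as fh:
        return needs_update(parse_l4t_release(fh.read()), fixed)


if __name__ == "__main__":
    # Replace the placeholder with the fixed release the bulletin gives for
    # your board; it is only a stand-in so the sample runs offline.
    installed = parse_l4t_release(SAMPLE_RELEASE_FILE)
    print("installed:", installed,
          "update needed:", needs_update(installed, (32, 5, 0)))
```

On a real board call `check_board(fixed)` with the release from the bulletin; if it returns True, run the package update from Nvidia's APT repository and re-check.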
Ransomware Extortion = Tax Deductions??
Recent news has speculated that ransomware extortion payouts may be tax-deductible as ordinary business expenses. The IRS provides no specific guidance on deducting ransom payments. Whether companies should be able to deduct extortion payments is an interesting conversation to have.
That said, it should not distract the community from addressing growing ransomware activity. Ransomware actors now have another bargaining chip to leverage in negotiations with their victims. The stance of the FBI and the federal government remains that no one should pay ransoms.
- Stu
References:
https://hackerone.com/reports/1204962
https://nvidia.custhelp.com/app/answers/detail/a_id/5205
https://abcnews.go.com/Business/wireStory/hit-ransomware-attack-payment-deductible-78373692
We'd love to hear your thoughts. Find us on Twitter, LinkedIn or write in to hello@perchsecurity.com