More stories


    RG Coins cryptocurrency exchange owner lands 10 years behind bars for money laundering

    The owner of a cryptocurrency exchange used to launder millions of dollars gained from fake online auctions has been jailed for 10 years. 

    Rossen Iossifov, the Bulgarian owner of RG Coins, was sentenced for his role in laundering the proceeds of fraud: money taken from victims was converted into cryptocurrency and funneled through exchanges to hide its criminal origin. 
    The 53-year-old “intentionally engaged in business practices designed to both assist fraudsters in laundering the proceeds of their fraud and to shield himself from criminal liability,” the US Department of Justice (DoJ) said on Tuesday. 
    The multimillion-dollar criminal scheme began with criminals based in Romania who operated a “large-scale” online auction scam that roped in at least 900 US citizens. Websites including Craigslist and eBay were used to list high-ticket items — usually vehicles — that did not exist. 
    Once a victim won an auction and paid for their goods, these funds would then be converted into cryptocurrency and sent onwards to money launderers. 
    According to US prosecutors, Iossifov was one of the money launderers who facilitated the “final steps” in the scheme. 
    The DoJ says that Iossifov’s cryptocurrency exchange, located in Sofia, Bulgaria, catered to at least five clients who belonged to the Alexandria Online Auction Fraud (AOAF) network and he would provide “favorable” exchange rates specifically to clients in the criminal ring. 

    In addition, the operator did not require identification or any proof of the source of the funds, removing a potential link, and the evidence trail, between the stolen money and the criminal activity passing through his exchange. 
    Prosecutors estimate that close to $5 million in cryptocurrency was laundered on behalf of four of the AOAF clients in less than three years. When converted into fiat currency, this represents close to $7 million stolen from US citizens alone. 
    Launderers take a cut in return for the risk, and for his efforts the owner of RG Coins earned over $184,000. 
    However, AOAF has now been picked apart through cooperative investigations conducted by law enforcement agencies across the US, Romania, and Bulgaria. 
    Following a two-week trial, US District Court Judge Robert Weir sentenced Iossifov to 10 years in prison for conspiracy to commit a Racketeer Influenced and Corrupt Organizations Act (RICO) offense and conspiracy to commit money laundering. At least 8.5 years of the sentence must be served.
    In total, 17 AOAF members — including the Bulgarian national — have been convicted, with seven others also now serving prison sentences. Three members are on the run. 
    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


    WhatsApp vs. Signal vs. Telegram vs. Facebook: What data do they have about you?

    Over the past week or so we’ve seen a lot of chatter about people shifting their messaging platform from WhatsApp to Signal as a result of fallout from a change to its privacy policy. People were concerned that WhatsApp was going to start funneling data to its parent company Facebook.
    There’s been subsequent clarification, but the damage has been done.
    But what data do these apps have about you? That seems like a good place to start when comparing services.
    Fortunately, Apple has made this easier by requiring developers to publish App Store privacy labels disclosing what data their apps collect and how it is used. One caveat: the labels are self-declared by the developer and are not independently verified by Apple, so treat them as a statement of intent rather than an audit result.
    So, let’s take a look at what information this gives us on WhatsApp, Signal, and Telegram. And for a bit of perspective, let’s also look at Facebook.
    WhatsApp
    Data linked to you – The following data may be collected and linked to your identity:
      Developer’s Advertising or Marketing:
        Identifiers
        Usage Data: Advertising Data
      Analytics:
        Purchases: Purchase History
        Location: Coarse Location
        Contact Info: Phone Number
        User Content: Other User Content
        Identifiers: User ID, Device ID
        Usage Data: Product Interaction, Advertising Data
        Diagnostics: Crash Data, Performance Data, Other Diagnostic Data
      Product Personalization:
        User Content: Other User Content
      App Functionality:
        Purchases: Purchase History
        Financial Info: Payment Info
        Location: Coarse Location
        Contact Info: Email Address, Phone Number
        Contacts
        User Content: Customer Support, Other User Content
        Identifiers: User ID, Device ID
        Usage Data: Product Interaction
        Diagnostics: Crash Data, Performance Data, Other Diagnostic Data
      Other Purposes:
        Contact Info: Phone Number
        Identifiers: User ID, Device ID
        Usage Data: Product Interaction

    Signal
    Data not linked to you – The following data, which may be collected but is not linked to your identity, may be used for the following purposes:
      App Functionality:
        Contact Info: Phone Number

    Telegram
    Data linked to you – The following data may be collected and linked to your identity:
      App Functionality:
        Contact Info: Name, Phone Number
        Contacts
        Identifiers

    Facebook
    Data used to track you – The following data may be used to track you across apps and websites owned by other companies:
      Other Data: Other Data Types
      Contact Info: Physical Address, Email Address, Name, Phone Number
      Identifiers: User ID, Device ID
    Data linked to you – The following data may be collected and linked to your identity:
      Third-Party Advertising:
        Purchases: Purchase History
        Financial Info: Other Financial Info
        Location: Precise Location, Coarse Location
        Contact Info: Physical Address, Email Address, Name, Phone Number, Other User Contact Info
        Contacts
        User Content: Photos or Videos, Gameplay Content, Other User Content
        Search History: Search History
        Browsing History: Browsing History
        Identifiers: User ID, Device ID
        Usage Data: Product Interaction, Advertising Data, Other Usage Data
        Diagnostics: Crash Data, Performance Data, Other Diagnostic Data
        Other Data: Other Data Types
      Developer’s Advertising or Marketing:
        Purchases: Purchase History
        Financial Info: Other Financial Info
        Location: Precise Location, Coarse Location
        Contact Info: Physical Address, Email Address, Name, Phone Number, Other User Contact Info
        Contacts
        User Content: Photos or Videos, Gameplay Content, Other User Content
        Search History: Search History
        Browsing History: Browsing History
        Identifiers: User ID, Device ID
        Usage Data: Product Interaction, Advertising Data, Other Usage Data
        Diagnostics: Crash Data, Performance Data, Other Diagnostic Data
        Other Data: Other Data Types
      Analytics:
        Health & Fitness: Health, Fitness
        Purchases: Purchase History
        Financial Info: Payment Info, Other Financial Info
        Location: Precise Location, Coarse Location
        Contact Info: Physical Address, Email Address, Name, Phone Number, Other User Contact Info
        Contacts
        User Content: Photos or Videos, Audio Data, Gameplay Content, Customer Support, Other User Content
        Search History: Search History
        Browsing History: Browsing History
        Identifiers: User ID, Device ID
        Usage Data: Product Interaction, Advertising Data, Other Usage Data
        Sensitive Info: Sensitive Info
        Diagnostics: Crash Data, Performance Data, Other Diagnostic Data
        Other Data: Other Data Types
      Product Personalization:
        Purchases: Purchase History
        Financial Info: Other Financial Info
        Location: Precise Location, Coarse Location
        Contact Info: Physical Address, Email Address, Name, Phone Number, Other User Contact Info
        Contacts
        User Content: Photos or Videos, Gameplay Content, Other User Content
        Search History: Search History
        Browsing History: Browsing History
        Identifiers: User ID, Device ID
        Usage Data: Product Interaction, Advertising Data, Other Usage Data
        Sensitive Info: Sensitive Info
        Diagnostics: Crash Data, Performance Data, Other Diagnostic Data
        Other Data: Other Data Types
      App Functionality:
        Health & Fitness: Health, Fitness
        Purchases: Purchase History
        Financial Info: Payment Info, Credit Info, Other Financial Info
        Location: Precise Location, Coarse Location
        Contact Info: Physical Address, Email Address, Name, Phone Number, Other User Contact Info
        Contacts
        User Content: Emails or Text Messages, Photos or Videos, Audio Data, Gameplay Content, Customer Support, Other User Content
        Search History: Search History
        Browsing History: Browsing History
        Identifiers: User ID, Device ID
        Usage Data: Product Interaction, Advertising Data, Other Usage Data
        Sensitive Info: Sensitive Info
        Diagnostics: Crash Data, Performance Data, Other Diagnostic Data
        Other Data: Other Data Types
      Other Purposes:
        Purchases: Purchase History
        Financial Info: Other Financial Info
        Location: Precise Location, Coarse Location
        Contact Info: Physical Address, Email Address, Name, Phone Number, Other User Contact Info
        Contacts
        User Content: Photos or Videos, Gameplay Content, Customer Support, Other User Content
        Search History: Search History
        Browsing History: Browsing History
        Identifiers: User ID, Device ID
        Usage Data: Product Interaction, Advertising Data, Other Usage Data
        Diagnostics: Crash Data, Performance Data, Other Diagnostic Data
        Other Data: Other Data Types


    Adobe fixes critical code execution vulnerabilities in 2021's first major patch round

    Adobe’s first major batch of security updates in 2021 resolves seven critical bugs that can lead to code execution. 

    On Tuesday, the tech giant released separate security advisories describing the vulnerabilities now resolved in seven products. The impacted software is Photoshop, Illustrator, Animate, Bridge, InCopy, Captivate, and Campaign Classic. 
    The first security fix has been applied to the Photoshop image creation software on Windows and macOS machines. Tracked as CVE-2021-21006, the critical heap-based buffer overflow bug can be abused to trigger arbitrary code execution.  
    Adobe Illustrator, on Windows PCs, is the subject of the firm’s second patch. The critical bug, CVE-2021-21007, is described as an uncontrolled search path element error: the application looks for a library in a location an attacker can write to, so a planted file gets loaded and runs with the application’s privileges, which is why this class of flaw can also lead to code execution. 
    The third critical problem, discovered in Adobe Animate on Windows machines, is the same kind of security flaw resulting in the same consequences. This vulnerability is tracked as CVE-2021-21008. 
    Adobe Bridge, the asset-management tool used to organize and move content between Creative Cloud applications, such as Photoshop and Lightroom, receives fixes for CVE-2021-21012 and CVE-2021-21013, critical out-of-bounds write flaws leading to arbitrary code execution. 
    Another uncontrolled search path element vulnerability was found in Adobe InCopy, tracked as CVE-2021-21010. This critical bug can also be weaponized for malicious code execution. 

    In Adobe Campaign Classic, on Windows and Linux PCs, the company has tackled CVE-2021-21009, a critical server-side request forgery (SSRF) flaw that can be exploited for the purpose of sensitive information disclosure. 
    A hotfix has also been issued for CVE-2021-21011, an uncontrolled search path element bug, deemed “important,” that was found in Windows-based versions of Adobe Captivate. If exploited, the vulnerability can lead to privilege escalation. 
    It is recommended that users accept automatic updates where appropriate to update their builds and stay protected. 
    Adobe thanked researchers from the nsfocus security team, Qihoo 360 CERT, Decathlon, Trend Micro’s Zero Day Initiative, and both Jamie Parfet and Saurabh Kumar for reporting the issues now resolved in the patch round. 
    In December’s security update, the tech giant patched critical vulnerabilities in Adobe Lightroom, Prelude, and Experience Manager. 
    Earlier this week, Adobe warned that the company has started to block Flash content worldwide in a bid to urge users to uninstall the software. 
    While Flash was once a popular way to display animated content, the software is known for being riddled with security holes. Adobe treats it as an artifact of 2000s web development and will no longer issue security fixes or updates for it. 


    Australian man arrested for alleged operation of now-shuttered DarkMarket

    An international law enforcement operation has resulted in the closure of what Europol is calling the world’s largest illegal marketplace on the dark web.
    DarkMarket, which boasted almost 500,000 users, was taken offline following a joint effort between authorities in Germany, Australia, Denmark, Moldova, Ukraine, the United Kingdom (through the National Crime Agency), and the United States (including the FBI). Europol said it supported Germany in coordinating the cross-border effort with these international partners.
    In a statement, Europol said the more than 2,400 sellers on the marketplace mainly traded drugs and sold counterfeit money, stolen or counterfeit credit card details, anonymous SIM cards, and malware.
    It said DarkMarket processed over 320,000 transactions, with more than 4,650 bitcoin and 12,800 monero transferred on the underground marketplace, totalling roughly €140 million — a little over $170 million.
    An Australian citizen was arrested in the German city of Oldenburg by the Central Criminal Investigation Department at the weekend. It is alleged that the 34-year-old Australian man is the operator of DarkMarket.
    The investigation, which was led by the cybercrime unit of the Koblenz Public Prosecutor’s Office, allowed officers to locate and close the marketplace, switch off the servers, and seize the criminal infrastructure, Europol said. The seized criminal infrastructure included more than 20 servers in Moldova and Ukraine.
    Probing the servers will likely result in further investigations of moderators, sellers, and buyers, Europol said.
    RELATED COVERAGE

    The dark web won’t hide you anymore, police warn crooks
    ‘Operation Disruptor’ involved agencies from nine countries and the seizure of over $6.5m in cash and cryptocurrencies as criminals warned law enforcement will track them down.
    Bad news: Dark web sales of fraud guides are booming. Good news: They’re useless fakes
    Fraudsters are selling fraudulent fraud guides to wannabee fraudsters.
    FBI & Interpol disrupt Joker’s Stash, the internet’s largest carding marketplace
    Four threat intel firms, Digital Shadows, Intel 471, Gemini Advisory, and Kela, said the disruption was temporary.


    Billions were stolen in blockchain hacks last year

    We know how some hackers passed their time during the lockdown: by running Bitcoin-related hacks that potentially netted “nearly $3.78 billion” in 2020, according to a report from Atlas VPN.

    The losses are huge, but not at the level Atlas VPN claims, because the report used mid-January 2021 exchange rates rather than the value of the coins at the time of each breach. 
    Data collected by Slowmist Hacked showed that there were 122 attacks in 2020, targeting three major areas:
    Decentralized apps running on the Ethereum platform: 47 attacks ($437 million in losses at current values) 
    Cryptocurrency exchanges: 28 attacks ($300 million in losses at current values)
    Blockchain wallets: 27 attacks
    Wallets were the most lucrative target, with $3 billion in losses in current values and an average of $112 million per wallet hacking event compared to about $10 million per attack on Ethereum apps or exchanges.
    The good news is that there was a slight decrease in the number of blockchain-related attacks, with an 8% drop from 133 attacks in 2019, and this number is expected to drop further in 2021.
    Fewer attacks, but the scale of the losses could dramatically mushroom if the value of Bitcoin and other crypto-currencies maintains a strong momentum as they did in 2020.
    CLICKBAIT LOSSES
    The “$3.8 billion” stolen that Atlas VPN claims is greatly inflated because it is based on Jan. 12, 2021 conversion rates, not even end-of-year values, let alone the value at the time of each breach. The continued rise in the value of cryptocurrencies makes the total losses look much larger than they were.

    Bitcoin on Jan. 12 was worth $34,100. It was valued at $4,857 in March and finished the year nearly six times higher at $28,897.40.


    Google reveals sophisticated Windows and Android hacking operation

    Google published a six-part report today detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices.

    The attacks were carried out via two exploit servers delivering different exploit chains via watering hole attacks, Google said.
    “One server targeted Windows users, the other targeted Android,” Project Zero, one of Google’s security teams, said in the first of six blog posts.
    Google said that both exploit servers used Google Chrome vulnerabilities to gain an initial foothold on victim devices. Once an initial entry point was established in the user’s browser, the attackers deployed an OS-level exploit to gain further control of the device.
    The exploit chains included a combination of both zero-day and n-day vulnerabilities, where zero-day refers to bugs unknown to the software makers, and n-day refers to bugs that have been patched but are still being exploited in the wild.
    All in all, Google said the exploit servers contained:
    Four “renderer” bugs in Google Chrome, one of which was still a 0-day at the time of its discovery.
    Two sandbox escape exploits abusing three 0-day vulnerabilities in the Windows OS.
    And a “privilege escalation kit” composed of publicly known n-day exploits for older versions of the Android OS.

    The four zero-days, all of which were patched in the spring of 2020, were as follows:
    Google said that while it found no Android zero-day exploits hosted on the exploit servers, its researchers believe the threat actor most likely had access to Android zero-days as well and simply was not hosting them on the servers at the time they were discovered.
    Google: Exploit chains were complex and well-engineered
    Overall, Google described the exploit chains as “designed for efficiency & flexibility through their modularity.”
    “They are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks,” Google said.
    “We believe that teams of experts have designed and developed these exploit chains,” but Google stopped short of providing any other details about the attackers or the type of victims they targeted.

    (I mean, TBH you can probably make a pretty intelligent guess about who would do that. You can probably count the number of actors in the world who would go to the trouble of using all those aspects of professionalism on one hand. With fingers left over.)
    — Brian in Pittsburgh (@arekfurt) January 12, 2021

    Together with its introductory blog post, Google has also published reports detailing a Chrome “infinity bug” used in the attacks, the Chrome exploit chains, the Android exploit chains, post-exploitation steps on Android devices, and the Windows exploit chains.
    The provided details should allow other security vendors to identify attacks on their customers and track down victims and other similar attacks carried out by the same threat actor.
    Article title updated shortly after publication, changing the term “massive” to “sophisticated” as there is no information on the scale of this operation to support the initial wording.


    Microsoft fixes Defender zero-day in January 2021 Patch Tuesday

    Microsoft started rolling out its monthly set of security patches, known in the industry as Patch Tuesday, earlier today.
    In this month’s updates, the Redmond-based company has patched a total of 83 vulnerabilities across a wide range of products, including its Windows operating system, cloud-based products, developer tools, and enterprise servers.
    Microsoft Defender zero-day
    But of all the bugs patched today, the most important one is a zero-day vulnerability in the Microsoft Defender antivirus, which Microsoft said was exploited before today’s patches were released.
    Tracked as CVE-2021-1647, the vulnerability was described as a remote code execution (RCE) bug that allowed threat actors to execute code on vulnerable devices by tricking a user into opening a malicious document on a system where Defender is installed.
    Microsoft said that despite exploitation being detected in the wild, the technique is not functional in all situations, and is still considered to be at a proof-of-concept level. However, the code could evolve for more reliable attacks.
    To counteract future attacks, Microsoft has released patches for the Microsoft Malware Protection Engine, which won’t require any user interaction and will be installed automatically — unless specifically blocked by system administrators.
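    Because the engine update arrives silently, the practical way to confirm the fix has actually landed on a fleet is to compare the engine version Defender reports against the first fixed version. The PowerShell below is an added example for this article, not Microsoft's code; it assumes the built-in Defender module (Get-MpComputerStatus, Update-MpSignature) is available on the host, and that the minimum version you pass in is taken from Microsoft's advisory for CVE-2021-1647. The value in the usage line is the one that advisory lists as the first fixed engine build; confirm it against the advisory before relying on it.

```powershell
# Added example (not from the article or from Microsoft): check whether the
# Microsoft Malware Protection Engine on this host is at or above a minimum
# version, using numeric [version] comparison rather than string comparison.

function Test-MpEngineVersion {
    [CmdletBinding()]
    param(
        # Lowest engine version that carries the fix (taken from the MSRC advisory).
        [Parameter(Mandatory)]
        [version] $MinimumVersion
    )

    try {
        # Get-MpComputerStatus throws on hosts where Defender is absent or
        # disabled; treat that as "cannot verify", never as "patched".
        $status = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        return [pscustomobject]@{
            ComputerName  = $env:COMPUTERNAME
            EngineVersion = $null
            Patched       = $false
            Note          = "Defender status unavailable: $($_.Exception.Message)"
        }
    }

    # AMEngineVersion is a dotted string such as 1.1.17600.5. Casting to
    # [version] compares component by component, so 1.1.17700.4 is correctly
    # greater than 1.1.17600.5 (a plain string compare would get this wrong).
    $engine  = [version] $status.AMEngineVersion
    $patched = $engine -ge $MinimumVersion
    $note    = if ($patched) {
        'Engine at or above minimum'
    } else {
        'Engine below minimum; run Update-MpSignature and re-check'
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        EngineVersion = $engine
        SignatureVer  = $status.AntivirusSignatureVersion
        RealTimeOn    = $status.RealTimeProtectionEnabled
        Patched       = $patched
        Note          = $note
    }
}

# Usage: 1.1.17700.4 is the first fixed engine version per Microsoft's advisory
# for CVE-2021-1647 (assumption: verify against the advisory before use).
Test-MpEngineVersion -MinimumVersion '1.1.17700.4' | Format-List
```

    Run it through your management tooling (Invoke-Command over WinRM, an RMM script, or Intune) and collect the objects; hosts returning Patched = False with a null EngineVersion are the ones where Defender is not the active engine and need a separate look rather than a forced signature update.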
    Microsoft also fixes publicly disclosed Windows EoP bug
    In addition to the Defender zero-day, Microsoft has also fixed a security flaw in the Windows splwow64 service that could be abused to elevate the privileges of an attacker’s code.

    Details about this bug, tracked as CVE-2021-1648, were made public last month, on December 15, by Trend Micro’s Zero-Day Initiative project.
    However, despite the details being publicly available, this bug wasn’t exploited in the wild, Microsoft said.
    Nonetheless, system administrators are advised to review and apply today’s patches to avoid future headaches should any of these vulnerabilities be weaponized and added to attackers’ arsenals.
    Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:
    Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
    ZDNet has published this file listing all this month’s security advisories on one single page.
    Adobe’s security updates are detailed here.
    SAP security updates are available here.
    Intel security updates are available here.
    VMWare security updates are available here.
    Chrome 87 security updates are detailed here.
    Android security updates are available here.
    Tag | CVE ID | CVE Title
    .NET Repository | CVE-2021-1725 | Bot Framework SDK Information Disclosure Vulnerability
    ASP.NET core & .NET core | CVE-2021-1723 | ASP.NET Core and Visual Studio Denial of Service Vulnerability
    Azure Active Directory Pod Identity | CVE-2021-1677 | Azure Active Directory Pod Identity Spoofing Vulnerability
    Microsoft Bluetooth Driver | CVE-2021-1683 | Windows Bluetooth Security Feature Bypass Vulnerability
    Microsoft Bluetooth Driver | CVE-2021-1638 | Windows Bluetooth Security Feature Bypass Vulnerability
    Microsoft Bluetooth Driver | CVE-2021-1684 | Windows Bluetooth Security Feature Bypass Vulnerability
    Microsoft DTV-DVD Video Decoder | CVE-2021-1668 | Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
    Microsoft Edge (HTML-based) | CVE-2021-1705 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability
    Microsoft Graphics Component | CVE-2021-1709 | Windows Win32k Elevation of Privilege Vulnerability
    Microsoft Graphics Component | CVE-2021-1696 | Windows Graphics Component Information Disclosure Vulnerability
    Microsoft Graphics Component | CVE-2021-1665 | GDI+ Remote Code Execution Vulnerability
    Microsoft Graphics Component | CVE-2021-1708 | Windows GDI+ Information Disclosure Vulnerability
    Microsoft Malware Protection Engine | CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability
    Microsoft Office | CVE-2021-1713 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2021-1714 | Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office | CVE-2021-1711 | Microsoft Office Remote Code Execution Vulnerability
    Microsoft Office | CVE-2021-1715 | Microsoft Word Remote Code Execution Vulnerability
    Microsoft Office | CVE-2021-1716 | Microsoft Word Remote Code Execution Vulnerability
    Microsoft Office SharePoint | CVE-2021-1712 | Microsoft SharePoint Elevation of Privilege Vulnerability
    Microsoft Office SharePoint | CVE-2021-1707 | Microsoft SharePoint Server Remote Code Execution Vulnerability
    Microsoft Office SharePoint | CVE-2021-1718 | Microsoft SharePoint Server Tampering Vulnerability
    Microsoft Office SharePoint | CVE-2021-1717 | Microsoft SharePoint Spoofing Vulnerability
    Microsoft Office SharePoint | CVE-2021-1719 | Microsoft SharePoint Elevation of Privilege Vulnerability
    Microsoft Office SharePoint | CVE-2021-1641 | Microsoft SharePoint Spoofing Vulnerability
    Microsoft RPC | CVE-2021-1702 | Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1649 | Active Template Library Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1676 | Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
    Microsoft Windows | CVE-2021-1689 | Windows Multipoint Management Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1657 | Windows Fax Compose Form Remote Code Execution Vulnerability
    Microsoft Windows | CVE-2021-1646 | Windows WLAN Service Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1650 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1706 | Windows LUAFV Elevation of Privilege Vulnerability
    Microsoft Windows | CVE-2021-1699 | Windows (modem.sys) Information Disclosure Vulnerability
    Microsoft Windows Codecs Library | CVE-2021-1644 | HEVC Video Extensions Remote Code Execution Vulnerability
    Microsoft Windows Codecs Library | CVE-2021-1643 | HEVC Video Extensions Remote Code Execution Vulnerability
    Microsoft Windows DNS | CVE-2021-1637 | Windows DNS Query Information Disclosure Vulnerability
    SQL Server | CVE-2021-1636 | Microsoft SQL Elevation of Privilege Vulnerability
    Visual Studio | CVE-2020-26870 | Visual Studio Remote Code Execution Vulnerability
    Windows AppX Deployment Extensions | CVE-2021-1642 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
    Windows AppX Deployment Extensions | CVE-2021-1685 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
    Windows CryptoAPI | CVE-2021-1679 | Windows CryptoAPI Denial of Service Vulnerability
    Windows CSC Service | CVE-2021-1652 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1654 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1659 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1653 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1655 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1693 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service | CVE-2021-1688 | Windows CSC Service Elevation of Privilege Vulnerability
    Windows Diagnostic Hub | CVE-2021-1680 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
    Windows Diagnostic Hub | CVE-2021-1651 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
    Windows DP API | CVE-2021-1645 | Windows Docker Information Disclosure Vulnerability
    Windows Event Logging Service | CVE-2021-1703 | Windows Event Logging Service Elevation of Privilege Vulnerability
    Windows Event Tracing | CVE-2021-1662 | Windows Event Tracing Elevation of Privilege Vulnerability
    Windows Hyper-V | CVE-2021-1691 | Hyper-V Denial of Service Vulnerability
    Windows Hyper-V | CVE-2021-1704 | Windows Hyper-V Elevation of Privilege Vulnerability
    Windows Hyper-V | CVE-2021-1692 | Hyper-V Denial of Service Vulnerability
    Windows Installer | CVE-2021-1661 | Windows Installer Elevation of Privilege Vulnerability
    Windows Installer | CVE-2021-1697 | Windows InstallService Elevation of Privilege Vulnerability
    Windows Kernel | CVE-2021-1682 | Windows Kernel Elevation of Privilege Vulnerability
    Windows Media | CVE-2021-1710 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability
    Windows NTLM | CVE-2021-1678 | NTLM Security Feature Bypass Vulnerability
    Windows Print Spooler Components | CVE-2021-1695 | Windows Print Spooler Elevation of Privilege Vulnerability
    Windows Projected File System Filter Driver | CVE-2021-1663 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
    Windows Projected File System Filter Driver | CVE-2021-1672 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
    Windows Projected File System Filter Driver | CVE-2021-1670 | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
    Windows Remote Desktop | CVE-2021-1674 | Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
    Windows Remote Desktop | CVE-2021-1669 | Windows Remote Desktop Security Feature Bypass Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1701 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1700 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1666 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1664 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1671 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1673 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1658 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1667 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime | CVE-2021-1660 | Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows splwow64 | CVE-2021-1648 | Microsoft splwow64 Elevation of Privilege Vulnerability
    Windows TPM Device Driver | CVE-2021-1656 | TPM Device Driver Information Disclosure Vulnerability
    Windows Update Stack | CVE-2021-1694 | Windows Update Stack Elevation of Privilege Vulnerability
    Windows WalletService | CVE-2021-1686 | Windows WalletService Elevation of Privilege Vulnerability
    Windows WalletService | CVE-2021-1681 | Windows WalletService Elevation of Privilege Vulnerability
    Windows WalletService | CVE-2021-1690 | Windows WalletService Elevation of Privilege Vulnerability
    Windows WalletService | CVE-2021-1687 | Windows WalletService Elevation of Privilege Vulnerability


    Mimecast says hackers abused one of its certificates to access Microsoft accounts

    Mimecast, a company that makes cloud email management software, disclosed a security incident today, alerting customers that “a sophisticated threat actor” has obtained one of its digital certificates and abused it to gain access to some of its clients’ Microsoft 365 accounts.

    The London-based email software company said the certificate in question was used by several of its products to connect to Microsoft infrastructure.
    The products that used this certificate include Mimecast Sync and Recover, Continuity Monitor, and IEP products, the company said in a message posted on its website earlier today.
    Mimecast said that around 10% of all its customers used the affected products with this particular certificate; however, the “sophisticated threat actor” abused the stolen certificate to gain access to only a handful of these customers’ Microsoft 365 accounts.
    The email software provider put this number at under 10, describing it as a “low single digit number,” and said that it already contacted all the affected customers.
    To prevent future abuse, the company is now asking all other customers to “immediately delete the existing connection within their M365 tenant and re-establish a new certificate-based connection using the new certificate [they] ‘ve made available.”
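    Deleting the connection and re-establishing it with the new certificate only helps if the old certificate is really gone from the tenant afterwards. The PowerShell below is an added example, not Mimecast's or Microsoft's own code: it enumerates the certificate credentials on the tenant's service principals so an administrator can confirm the retired certificate no longer appears. It assumes, as Mimecast's guidance implies, that the connection is represented in the tenant as an application/service principal carrying a certificate credential; that the AzureAD PowerShell module is installed and Connect-AzureAD has already been run with read access; and that the display-name filter ('Mimecast') and the thumbprint are placeholders to be replaced with the tenant's real values.

```powershell
# Added example (not from the article, Mimecast or Microsoft): list every
# certificate (key) credential on service principals whose display name
# matches a filter, and flag any that still carry a retired certificate.

function Find-ServicePrincipalCertificate {
    [CmdletBinding()]
    param(
        # Substring of the service principal display name to search for
        # (assumption: the Mimecast app is named accordingly in your tenant).
        [string] $NameLike = 'Mimecast',
        # SHA-1 thumbprint (hex, no separators) of the certificate being retired.
        [string] $RetiredThumbprint
    )

    foreach ($sp in Get-AzureADServicePrincipal -All $true) {
        if ($sp.DisplayName -notlike "*$NameLike*") { continue }

        # KeyCredentials are the certificate credentials. PasswordCredentials
        # (client secrets) are a separate list and are not what a
        # certificate-based connection uses, so they are not inspected here.
        foreach ($key in Get-AzureADServicePrincipalKeyCredential -ObjectId $sp.ObjectId) {
            # CustomKeyIdentifier holds the certificate thumbprint as raw bytes;
            # render it as the hex string shown in certificate tooling.
            $thumb = if ($key.CustomKeyIdentifier) {
                ([System.BitConverter]::ToString($key.CustomKeyIdentifier)) -replace '-', ''
            } else {
                ''
            }

            [pscustomobject]@{
                ServicePrincipal = $sp.DisplayName
                AppId            = $sp.AppId
                KeyId            = $key.KeyId
                Thumbprint       = $thumb
                NotBefore        = $key.StartDate
                NotAfter         = $key.EndDate
                IsRetiredCert    = [bool]($RetiredThumbprint -and ($thumb -ieq $RetiredThumbprint))
            }
        }
    }
}

# Usage (placeholders): any row with IsRetiredCert = True means the old
# certificate is still trusted by the tenant and the cleanup is incomplete.
Find-ServicePrincipalCertificate -NameLike 'Mimecast' -RetiredThumbprint 'REPLACE_WITH_OLD_THUMBPRINT' |
    Format-Table -AutoSize
```

    If the retired certificate is still listed, remove that credential (Remove-AzureADServicePrincipalKeyCredential with the KeyId shown) rather than the whole service principal, then re-run the check; also review the tenant's sign-in logs for that AppId over the incident window, since Mimecast says the abuse was detected through unauthorized access to accounts rather than through the certificate itself.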
    Mimecast said it’s now working with a third-party forensics expert, Microsoft, and law enforcement to investigate how the certificate was compromised and its aftermath.

    The London-based company said it learned of the incident from Microsoft after the tech giant detected unauthorized access to some accounts.
    A Mimecast spokesperson would not comment on whether the security incident was related to the recent SolarWinds supply chain attack.