A Brief Weekly Review of Top Stories that Dominated the Cyberworld

The security landscape saw a number of developments with far-reaching implications over the last week. From Saudi Arabia state oil giant Aramco facing $50mn cyber extortion over leaked data to Google Cloud introducing new zero trust offerings for government, the outgoing week was full of several headline-grabbing events.

Here’s a brief review of what occurred in the outgoing week.   

Saudi Aramco Facing $50M Cyber Extortion Over Leaked Data

Saudi Arabia’s state oil giant recognized that leaked data from the company — files now ostensibly being used in a cyber-extortion attempt involving a $50 million ransom demand — likely came from one of its contractors.

The Saudi Arabian Oil Co., said that it “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors.”

The company did not say which contractor was affected nor whether that contractor had been hacked or if the information leaked out another way.

“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture,” Aramco said.

Google Cloud Launches New Zero Trust Offerings for Government

This week, Google Cloud announced a new set of services aimed at help federal, state, and local government organizations in the United States to enforce Zero Trust architecture.

A fresh Biden administration Executive Order on Improving the Nation’s Cybersecurity requires government organizations stick to a Zero Trust method to cybersecurity, and Google Cloud has launched three new service offerings custom-made to meet those needs and to be consistent with National Institute of Standards and Technology (NIST) standards.

Dell Fixes Critical Flaws in OpenManage Enterprise

Fixes released this week by Dell for its OpenManage Enterprise product address several critical-severity flaws.

A systems management and monitoring application, Dell OpenManage Enterprise delivers administrators with a complete view of Dell EMC servers, network switches, and storage in their setting.The most severe of these issues is CVE-2021-21564, an improper authentication flaw that could allow a remote attacker to “hijack an elevated session or perform unauthorized actions by sending malformed data.”

Another serious flaw that Dell patched in OpenManage Enterprise is CVE-2021-21585 (CVSS score of 9.1), an OS command injection bug in RACADM and IPMI tools that could allow a remote, authentic malevolent user that already has high privileges to perform arbitrary OS commands.