---
title: "Cyber Security News Update, Week 41 of 2021 | DuoCircle"
description: "The cyber-world is full of twists and turns, with both the cybersecurity expert and the threat actor trying to stay a step ahead of each other at all times."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-41-of-2021/"
---

Quick Answer

Week 41 of 2021 covered six items. A teenage researcher reported a critical authentication-bypass flaw in IRCTC, India's online railway ticketing platform, that could have exposed millions of passenger records. Authorities warned of a wave of fake cold calls pitching cryptocurrency investments tied to phony exchange platforms. Researchers exposed REvil's double-chat tactic of secretly negotiating victim ransoms separately from affiliates so the core operators could pocket affiliate cuts. A vulnerability in D-Link's DIR-3040 mesh router was disclosed allowing remote code execution through the zebra service. Microsoft introduced an Emergency Mitigation feature for Exchange Server that auto-applies stopgap protections for actively exploited flaws. India and Japan announced expanded cooperation on cyber defense, including joint exercises and information sharing on critical infrastructure threats.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-41-of-2021%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cyber%20Security%20News%20Update%2C%20Week%2041%20of%202021&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-41-of-2021%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-41-of-2021%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-41-of-2021%2F&title=Cyber%20Security%20News%20Update%2C%20Week%2041%20of%202021 "Share on Reddit") [ ](mailto:?subject=Cyber%20Security%20News%20Update%2C%20Week%2041%20of%202021&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-41-of-2021%2F "Share via Email") 

![DuoCircle blog post image](https://media.mailhop.org/duocircle/images/2021/10/anti-phishing-software-3811.jpg) 

The cyber-world is full of twists and turns, with both the _cybersecurity expert and the threat actor trying to stay a step ahead of each other at all times_. This week’s [cyber news](/announcements) headlines capture some of these moves of cybersecurity experts and adversaries.

## Teenager Helps Identify Critical Vulnerability in India’s Online Railway Ticket Booking Platform, IRCTC

Cybersecurity expertise doesn’t always have to come from professionals. _An aware citizen can also be an agent of loophole detection_, as seen in a recent incident in India. A bug in the IRCTC or the Indian Railway Catering and Tourism Corporation went unnoticed until a Chennai-based 17-year-old private school student [helped identify the bug](https://www.dnaindia.com/india/report-indian-railways-news-chennai-school-student-ranganathan-helps-irctc-fix-bug-that-could-expose-passenger-s-private-information-2912438). The seventeen-year-old Ranganathan pointed out that the critical Insecure Object Direct References (IODR) vulnerability in the IRCTC website could let adversaries access and modify or even cancel the bookings of other passengers. \_He found the bug while viewing his ticket on the website, where he could access the travel details of other passenger\_s. The exposed passenger details include their names, ages, genders, train details, PNR number, travel date, departure and arrival stations, etc.

Ranganathan further mentioned that since the back-end code was the same for all passengers, an attacker could easily order food, alter boarding stations, or cancel other passengers’ tickets. These changed travel details can then be used to launch a targeted **phishing campaign**. Alternatively, _the adversaries could download and leak copies of a million passengers’ travel and personal information_. Soon after detecting the bug on 30th August 2021, Ranganathan reported it to the Computer Emergency Response Team (CERT), who, in their turn, _took five days to patch the vulnerability_.

## Beware of Fake Calls Suggesting Crypto Investments

_As global cryptocurrency investors increase, the crimes against them grow as well_. Recently, the Security Service of Ukraine (SBU) brought down [six Lviv-baser call centers](https://www.bleepingcomputer.com/news/security/ukraine-takes-down-call-centers-behind-cryptocurrency-investor-scams/) linked to such scammers. The adversaries use VoIP phone numbers to conceal their locations while calling foreign investors.

The law enforcement officers at SSU confiscated **over 100 documents** and devices linked to the malicious activities. Their investigation revealed several Lviv locals and rented offices running six **illegal call centers** from where adversaries offered stock and cryptocurrency investment suggestions to foreigners. Unsuspecting crypto investors [transferred their funds](/content/email-security-services/email-security-in-cryptography) to the adversaries’ bank accounts or crypto wallets.

Thus, cryptocurrency investors are advised to receive calls suggesting new schemes and currencies with caution, as these are scams more often than not. _You must also enable MFA and other cybersecurity measures for added protection_.

[![Crypto Investments](https://media.mailhop.org/duocircle/images/2021/10/anti-phishing-software-3812.jpg)](https://media.mailhop.org/duocircle/images/2021/10/anti-phishing-software-3812.jpg)

## REvil Uses Double Chat to Cheat Affiliates

_Ransomware protection measures warn us of the evil ways of the threat actors_, but who would have imagined that there might be fraudulent activities going on within ransomware gangs as well! In a recent incident, the notorious REvil ransomware gang was reported in the Hacker’s Court by affiliates for robbing them of their share of the ransom. _Investigations by malware specialists revealed that REvil had found a way of cheating its affiliates and keeping 100% of the ransom payments_. The usual norm is that for every ransom received from the victim, affiliates get 70%, and REvil gets 30% of the amount. But the REvil RaaS operators are exploiting a backdoor to set up a double chat window to dupe affiliates.

_This backdoor enables REvil to decrypt files and chats between the affiliates and victims_. The victims receive identical chats: one from the original affiliate who launched the attack and the other from REvil. Using this double chat scheme, REvil hijacks the affiliates’ share of ransom payment, and this has aggravated several affiliates who have been robbed of **over $21.5 million** by REvil so far.

## Vulnerability Detected in The D-LINK DIR-3040 Smart WiFi Mesh Router

_Cybersecurity experts at Cisco Talos recently discovered a vulnerability in the D-LINK DIR-3040 smart WiFi mesh router_, an AC3000-based wireless internet router that allows users to [connect several devices](https://blog.talosintelligence.com/2021/09/vuln-spotlight-d-link-.html) in their network, even at home. Exploiting this flaw (dubbed as CVE-2021-21913), _adversaries can turn off user devices or remove connected devices from the network_. Not only that, but the attackers can also view sensitive information such as the root password of the primary device and execute remote code to reboot the connected devices.

Cisco Talos collaborated with D-LINK to resolve the issue and release an update for affected customers to ensure protection against potential [cyber threats](/email-hosting/how-email-security-solutions-are-evolving-to-tackle-the-menace-of-cyber-threats/). Furthermore, all D-LINK users are advised to update the products immediately.

## Microsoft Introduces New Emergency Mitigation Feature

Because of the increased exploitation of **zero-day vulnerabilities**, Microsoft has introduced a new Exchange Server feature called the [Microsoft Exchange Emergency Mitigation](https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-service-mitigates-high-risk-bugs-automatically/) (EM). In a nutshell, EM is a service meant to be a quick fix for all major cyber threats until a patch for the specific vulnerability is released. _EM applies interim mitigations for the actively exploited high-risk vulnerabilities_ and secures servers from incoming attacks, thereby giving admins some extra time to apply security updates.

EM comes as a boon for all servers whose admins couldn’t patch the flaws in time, thus leading to attacks by financially motivated and state-sponsored hacking groups. Built upon Microsoft’s Exchange On-premises Mitigation Tool (EOMT), EM runs as a Windows service on Exchange Mailbox servers and is auto-installed. It functions by detecting cybersecurity loopholes in Exchange Servers and applying interim mitigations till admins have access to a **security update**. As mentioned, these are temporary fixes and not a replacement for Exchange Server Security Updates (SUs). _Admins are free to disable the EM service if they don’t want Microsoft to auto-apply mitigations to their Exchange servers_.

[![Cyber Defence](https://media.mailhop.org/duocircle/images/2021/10/anti-phishing-software-3813.jpg)](https://media.mailhop.org/duocircle/images/2021/10/anti-phishing-software-3813.jpg)

## India And Japan Gear Up With Cyber Defence

_The Indian and Japanese cybersecurity experts have developed robust measures to challenge the spyware frequently deployed by Chinese adversaries_. Japan has recently launched a national cybersecurity policy that explicitly issues red alerts for the threat-causing nations of Russia, China, and North Korea. The [policy complies](https://www.theregister.com/2021/09/28/india%5Fjapan%5Fflex%5Fcyberdefence%5Fmuscles/) with Japan’s strategy of refreshing its defensive plans every three years and instructs the Self Defence Force to enhance its cyber defenses. The policy envisions making cybersecurity available for their citizens because the government noticed critical cyber threats targeting the nation.

The Indian government, on the other hand, has instructed its defense professionals to prepare for any cyber warfare that may target the nation in the coming years. Vice President M. Venkaiah Naidu has suggested the possibility of increased use of drones and robotics in warfare. Regions of Jammu & Kashmir in India share borders with China and Pakistan, which is one of the many reasons for the nation’s conflict with these nations. Following the recent Quad meeting of the USA, Australia, Japan, and India, China has cleared its intentions of developing infosec standards for the world. It calls down upon the Quad member nations for tarnishing its reputation among regional countries, and the recent cybersecurity flexes by Japan and India prove that the wedge is working.

## Topics

NewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 3m  Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam  Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[  News 6m  Cyber Security News Update, Week 1 of 2022  Jan 7, 2022 ](/blog/announcements/cyber-security-news-update-week-1-of-2022/)[  News 7m  Cybersecurity News Update, Week 1 of 2023  Jan 1, 2023 ](/blog/announcements/cyber-security-news-update-week-1-of-2023/)[  News 5m  EasyPark Data Breach, Ohio Lottery Cyberattack, GTA 5 Leak, Cybersecurity News \[December 25, 2023\]  Jan 4, 2024 ](/blog/announcements/cyber-security-news-update-week-1-of-2024/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 41 of 2021","description":"The cyber-world is full of twists and turns, with both the cybersecurity expert and the threat actor trying to stay a step ahead of each other at all times.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-41-of-2021/","datePublished":"2021-10-07T16:27:13.000Z","dateModified":"2025-05-27T11:25:01.000Z","dateCreated":"2021-10-07T16:27:13.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-41-of-2021/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1139,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2021/10/anti-phishing-software-3811.jpg","caption":"DuoCircle blog post image","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Cyber Security News Update, Week 41 of 2021","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-41-of-2021/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cyber Security News Update, Week 41 of 2021","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-41-of-2021/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyber Security News Update, Week 41 of 2021","description":"The cyber-world is full of twists and turns, with both the cybersecurity expert and the threat actor trying to stay a step ahead of each other at all times.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-41-of-2021/","datePublished":"2021-10-07T16:27:13.000Z","dateModified":"2025-05-27T11:25:01.000Z","dateCreated":"2021-10-07T16:27:13.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-41-of-2021/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1139,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2021/10/anti-phishing-software-3811.jpg","caption":"DuoCircle blog post image","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```
