Microsoft shares mitigations for Windows PrintNightmare zero-day bug
www.bleepingcomputer.com/news/security/microsoft-shares-mitigations-for-windows-printnightmare-zero-day-bug/ Microsoft has provided mitigation guidance to block attacks on systems vulnerable to exploits targeting the Windows Print Spooler zero-day vulnerability known as PrintNightmare. Lisäksi:
Microsoft warns of critical PowerShell 7 code execution vulnerability
www.bleepingcomputer.com/news/security/microsoft-warns-of-critical-powershell-7-code-execution-vulnerability/ Microsoft warns of a critical.NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in.NET 5 and.NET Core.
Mongolian Certificate Authority Hacked to Distribute Backdoored CA Software
thehackernews.com/2021/07/mongolian-certificate-authority-hacked.html In yet another instance of software supply chain attack, unidentified hackers breached the website of MonPass, one of Mongolia’s major certificate authorities, to backdoor its installer software with Cobalt Strike binaries.
Traficom laajentaa Tietoturvamerkin käyttöä puhelimille sitä tuskin myönnetään (MAKSUMUURI)
www.tivi.fi/uutiset/tv/103601a5-8ec3-49ff-b273-764a1c72bda8 Suomalaisten tietoisuus siitä, että älylaitteet saattavat jakaa käyttäjän tietoja luvatta ulkopuolisille on kasvussa. Turvallisia ostopäätöksiä edistetään laajentamalla Tietoturvamerkin käyttöä.
Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks
threatpost.com/healthcare-prey-ransomware-cyberattacks/167525/ Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry. A long-running problem in the healthcare industry is the use of outdated and/or unpatched systems and devices. This is a problem that can largely be attributed to budgetary pressures, both in terms of the cost of equipment and for fielding a well-equipped IT security operation.
Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web
threatpost.com/hacked-data-limevpn-dark-web/167492/ LimeVPN has confirmed a data incident, and meanwhile its website has been knocked offline. The VPN provider known as LimeVPN has been hit with a hack affecting 69, 400 user records, according to researchers. A hacker claims to have stolen the company’s entire customer database before knocking its website offline (Threatpost confirmed that as of press time, the website was down).
US insurance giant AJG reports data breach after ransomware attack
www.bleepingcomputer.com/news/security/us-insurance-giant-ajg-reports-data-breach-after-ransomware-attack/ Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September.
Babuk ransomware is back, uses new version on corporate networks
www.bleepingcomputer.com/news/security/babuk-ransomware-is-back-uses-new-version-on-corporate-networks/ After announcing their exit from the ransomware business in favor of data theft extortion, the Babuk gang appears to have slipped back into their old habit of encrypting corporate networks.
New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks
thehackernews.com/2021/07/new-mirai-inspired-botnet-could-be.html Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called “mirai_ptea” that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks.
Thinking about selling your Echo Dotor any IoT device? Read this first
arstechnica.com/gadgets/2021/07/passwords-in-amazon-echo-dots-live-on-even-after-you-factory-reset-them/ Deleting data from Echo Dotsand other IoT devices from Amazon and elsewhereis hard. Like most Internet-of-things (IoT) devices these days, Amazon’s Echo Dot gives users a way to perform a factory reset so, as the corporate behemoth says, users can “remove any… personal content from the applicable device(s)” before selling or discarding them. But researchers have recently found that the digital bits that remain on these reset devices can be reassembled to retrieve a wealth of sensitive data, including passwords, locations, authentication tokens, and other sensitive data.