Daily NCSC-FI news followup 2021-07-04

Kaseya zero-day involved in ransomware attack, patches coming

therecord.media/kaseya-zero-day-involved-in-ransomware-attack-patches-coming/ Remote management software vendor Kaseya said it identified and is currently mitigating a vulnerability that was abused in a recent incident that saw ransomware deployed on the networks of thousands of companies worldwide. Lisäksi:


Kaseya was fixing zero-day just as REvil ransomware sprung their attack

www.bleepingcomputer.com/news/security/kaseya-was-fixing-zero-day-just-as-revil-ransomware-sprung-their-attack/ The vulnerability had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure (DIVD), and Kaseya was validating the patch before they rolled it out to customers.

Windows Update bug blocks Azure Virtual Desktops security updates

www.bleepingcomputer.com/news/microsoft/windows-update-bug-blocks-azure-virtual-desktops-security-updates/ Microsoft is working to fix a known issue blocking Azure Virtual Desktops devices from downloading downloading and installing recent security updates via Windows Server Update Services (WSUS).

TrickBot: New attacks see the botnet deploy new banking module, new ransomware

therecord.media/trickbot-new-attacks-see-the-botnet-deploy-new-banking-module-new-ransomware/ Over the course of the past few weeks, new activity has been observed from TrickBot, one of today’s largest malware botnets, with reports that its operators have helped create a new ransomware strain called Diavol and that the TrickBot gang is returning to its roots as a banking trojan with a new and updated banking module.

Mysterious Node.js malware puzzles security researchers

therecord.media/mysterious-node-js-malware-puzzles-security-researchers/ Almost four months after it was first spotted in the wild, the infosec community is still scratching its head in regards to the purpose of a new malware strain named Lu0bot.

Detection and Mitigation Advice for PrintNightmare

www.lares.com/blog/detection-and-mitigation-advice-for-printnightmare/ PrintNightmare(CVE-2021-34527) was released as a proof of concept this week on Github. This post highlights how the exploit PoCs released on Github work and how the specific vulnerability can be fixed and detected. The vulnerability itself was found and published by Zhipeng Huo (@R3dF09), Piotr Madej, and Yunhai Zhang

You might be interested in …

Daily NCSC-FI news followup 2019-12-01

Data of 21 million Mixcloud users put up for sale on the dark web www.zdnet.com/article/data-of-21-million-mixcloud-users-put-up-for-sale-on-the-dark-web/ A hacker has breached online music streaming service Mixcloud earlier this month, and is now selling the site’s user data online, on a dark web marketplace.. The Mixcloud data is currently sold for a price of $2,000. Short presentation about […]

Read More

Daily NCSC-FI news followup 2019-08-21

Group-IBs new report on Silence: Damage from Silence APT operations increases fivefold. The gang deploys new tools on its worldwide tour www.group-ib.com/media/silence-attacks/ Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has exposed the most recent campaigns carried out by Silence, a Russian-speaking APT group, in the new “Silence 2.0: Going Global” report. Group-IB […]

Read More

Daily NCSC-FI news followup 2021-03-08

A Basic Timeline of the Exchange Mass-Hack krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/ Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Heres a brief timeline of what we know leading up to last weeks mass-hack, when hundreds of thousands of Microsoft […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.