Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly
thehackernews.com/2021/07/kaseya-rules-out-supply-chain-attack.html While initial reports raised speculations that the ransomware gang might have gained access to Kaseya’s backend infrastructure and abused it to deploy a malicious update to VSA servers running on client premises, in a modus operandi similar to that of the devastating SolarWinds hack, it has since emerged that a never-before-seen security vulnerability (CVE-2021-30116) in the software was leveraged to push ransomware to Kaseya’s customers. Also:
Kaseya: Roughly 1,500 businesses hit by REvil ransomware attack
www.bleepingcomputer.com/news/security/kaseya-roughly-1-500-businesses-hit-by-revil-ransomware-attack/ Kaseya says the REvil supply-chain ransomware attack breached the systems of roughly 60 of its direct customers using the company’s VSA on-premises product. “Of the approximately 800,000 to 1,000,000 local and small businesses that are managed by Kaseya’s customers, only about 800 to 1,500 have been compromised.” Also:
Global ransomware attack affecting a service platform for small and medium-size segment in Sweden
www.tietoevry.com/en/newsroom/all-news-and-releases/other-news/2021/global-ransomware-attack-affecting-a-service-platform-for-small-and-medium-size-segment-in-sweden/ On late afternoon Friday 2nd of July, a service platform for a small and medium-size segment of customers was subject to a ransomware attack which was related to the global criminal attack towards Kaseya. The Kaseya software is used by a local TietoEVRY operation unit in Sweden and hence a limited number of customers have been affected. The impact on consumers and general public has been narrow, even if the impact to the affected customers’ business may be serious.
Surprise charges related to a subscription trap can be disputed with the bank
www.kkv.fi/ajankohtaista/Tiedotteet/2021/6.7.2021-tilausansaan-liittyvista-yllatyskuluista-voi-reklamoida-pankille/ Online shopping can involve various problems, such as subscription traps and other scams. The Consumer Ombudsman, together with the EU consumer authorities, has asked Visa, Mastercard and American Express to change their systems so that consumers are informed more clearly than at present about recurring payments related to subscription traps. Consumers can dispute unexpected charges with their bank and get their money back.
IoT/ICS Armageddon: hacking devices like there’s no tomorrow (part 1)
www.redtimmy.com/iot-ics-armageddon-hacking-devices-like-theres-no-tomorrow-part-1/ The truth is that hacking OT devices wasn’t challenging enough. Today, like five years ago, the security in the area is running 10/15 years behind the traditional IT sector. In a few words:
ZLD4.65 & 5.02 Firmware release
community.zyxel.com/en/discussion/11061/zld4-65-5-02-firmware-release Zyxel has been tracking the recent activity of threat actors targeting Zyxel security appliances and has released firmware patches to defend against it. The patches also include additional security enhancements based on users’ feedback and security researchers’ advice, which we strongly recommend users install immediately.
Pro-Trump social media site Gettr hacked
www.cnet.com/news/pro-trump-social-media-app-gettr-hacked/ A social media site launched last week by a senior adviser to former President Donald Trump was briefly hacked on Sunday, with account profiles being defaced with pro-Palestinian messages. Also:
Kaspersky Password Manager: All your passwords are belong to us
donjon.ledger.com/kaspersky-password-manager/ The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time.
Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities
thehackernews.com/2021/07/interpol-arrests-hacker-in-morocco-who.html Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme.
Website of Mongolian certificate authority served backdoored client installer
www.zdnet.com/article/website-of-mongolian-certificate-authority-backdoored-served-malware A Mongolian certification authority (CA) official website was harboring malware and facilitated downloads of a backdoored client to users.
Microsoft Office July updates fix Outlook crashes, performance issues
www.bleepingcomputer.com/news/microsoft/microsoft-office-july-updates-fix-outlook-crashes-performance-issues/ Microsoft released the July 2021 non-security Microsoft Office updates with improvements and fixes for crashes and issues affecting Windows Installer (MSI) editions of Office 2016 products.
Microsoft 365 to let SecOps lock hacked Active Directory accounts
www.bleepingcomputer.com/news/security/microsoft-365-to-let-secops-lock-hacked-active-directory-accounts/ Microsoft is updating Microsoft Defender for Identity to allow security operations (SecOps) teams to block attacks by locking a compromised user’s Active Directory account.
Western Digital Users Face Another RCE
threatpost.com/rce-0-day-western-digital-users/167547/ Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.