Microsoft: PrintNightmare now patched on all Windows versions
www.bleepingcomputer.com/news/security/microsoft-printnightmare-now-patched-on-all-windows-versions/ Microsoft has released the KB5004948 emergency security update to address the Windows Print Spooler PrintNightmare vulnerability on all editions of Windows 10 1607 and Windows Server 2016.
Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability
arstechnica.com/gadgets/2021/07/microsofts-emergency-patch-fails-to-fix-critical-printnightmare-vulnerability/ Despite Tuesday’s out-of-band patch being incomplete, it still provides meaningful protection against many types of attacks that exploit the print spooler vulnerability.
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
beta.darkreading.com/vulnerabilities-threats/attacks-on-kaseya-servers-led-to-ransomware-in-less-than-2-hours? Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.
The Evolution of PINCHY SPIDER from GandCrab to REvil
www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/ For years, ransomware was a nuisance that impacted individuals who were unfortunate enough to encounter it via banking trojans, exploit kits or phishing attacks and resulted in a large number of small-value ransoms, typically hundreds of dollars per incident.
Kaseya update delayed for security reasons
blog.malwarebytes.com/hacking-2/2021/07/kaseya-update-delayed-for-security-reasons/ Software vendor Kaseya has been caught in the chaos of a supply-chain compromise by the REvil ransomware gang since Friday. Around 40 managed service providers (MSPs) that rely on Kaseya VSA software to administer customers’ IT, and up to 1,500 of their customers, have been stricken with the ransomware.
Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software
krebsonsecurity.com/2021/07/kaseya-left-customer-portal-vulnerable-to-2015-flaw-in-its-own-software/ On July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site portal.kaseya.net was vulnerable to CVE-2015-2862, a “directory traversal” vulnerability in Kaseya VSA that allows remote users to read any files on the server using nothing more than a Web browser.
Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards
msrc-blog.microsoft.com/2021/07/08/microsoft-bug-bounty-programs-year-in-review-13-6m-in-rewards/ Over the past 12 months, Microsoft awarded $13.6M in bug bounties to more than 340 security researchers across 58 countries. The largest award was $200K under the Hyper-V Bounty Program.
Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling
www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan/ Recorded Future has identified a suspected Chinese state-sponsored group that we track as Threat Activity Group 22 (TAG-22) targeting telecommunications, academia, research and development, and government organizations in Nepal, the Philippines, Taiwan, and more historically, Hong Kong.
Nuclear research institute hacked by North for 12 days
koreajoongangdaily.joins.com/2021/07/08/national/northKorea/North-Korea-hacking-nuclear/20210708190700374.html South Korea’s main nuclear research institute was reportedly exposed for over 12 days to hacking attacks probably by North Korea, but no important data was leaked, according to a parliamentary intelligence committee member on Thursday.
Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation
www.technologyreview.com/2021/07/08/1027999/fbi-russia-ukraine-cybercrime-investigation-ransomware/ Russia and Ukraine promised to cooperate and help catch the world’s most successful hackers. But things didn’t quite go to plan.
SideCopy Hackers Target Indian Government Officials With New Malware
thehackernews.com/2021/07/sidecopy-hackers-target-indian.html A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans (RATs), signaling a “boost in their development operations.”
Russia ‘Cozy Bear’ Breached GOP as Ransomware Attack Hit
www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee Russian government hackers breached the computer systems of the Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive ransomware attack, according to two people familiar with the matter.
Bandidos at large: A spying campaign in Latin America
www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america In 2021 we detected an ongoing campaign targeting corporate networks in Spanish-speaking countries, with 90% of the detections in Venezuela. When comparing the malware used in this campaign with what was previously documented, we found new functionality and changes to this malware, known as Bandook.
Critical Flaws Reported in Sage X3 Enterprise Management Software
thehackernews.com/2021/07/critical-flaws-reported-in-sage-x3.html Four security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning (ERP) product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems.
GitLab Fixes Several Vulnerabilities Reported by Bug Bounty
www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html With an update to its software development infrastructure, Gitlab has addressed numerous vulnerabilities including two high-impact online security flaws.
How Fake Accounts and Sneaker-Bots Took Over the Internet
threatpost.com/fake-accounts-sneaker-bots-internet/167626/ Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis. Fake accounts are used for other purposes too: Facebook for instance last fall announced the takedown of 14,000 fake accounts used to spread disinformation in the 2020 election.
Malvertising: What It Is and How to Protect Yourself
www.pandasecurity.com/en/mediacenter/security/malvertising-2/ Malvertising is a type of cyber attack that plants malicious code into legitimate-looking online advertisements. A vehicle to distribute malware to unsuspecting victims, malvertising is a major problem worldwide and has gained increasing prevalence across the web.