Daily NCSC-FI news followup 2021-07-08

Microsoft: PrintNightmare now patched on all Windows versions

www.bleepingcomputer.com/news/security/microsoft-printnightmare-now-patched-on-all-windows-versions/ Microsoft has released the KB5004948 emergency security update to address the Windows Print Spooler PrintNightmare vulnerability on all editions of Windows 10 1607 and Windows Server 2016. Lisäksi:

docs.microsoft.com/en-us/windows/release-health/windows-message-center. Lisäksi:


Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability

arstechnica.com/gadgets/2021/07/microsofts-emergency-patch-fails-to-fix-critical-printnightmare-vulnerability/ Despite Tuesday’s out-of-band patch being incomplete, it still provides meaningful protection against many types of attacks that exploit the print spooler vulnerability. Lisäksi:

www.bleepingcomputer.com/news/microsoft/windows-security-update-kb5004945-breaks-printing-on-zebra-printers/. Lisäksi:


Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

beta.darkreading.com/vulnerabilities-threats/attacks-on-kaseya-servers-led-to-ransomware-in-less-than-2-hours? Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.

The Evolution of PINCHY SPIDER from GandCrab to REvil

www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/ For years, ransomware was a nuisance that impacted individuals who were unfortunate enough to encounter it via banking trojans, exploit kits or phishing attacks and resulted in a large number of small-value ransoms typically hundreds of dollars per incident.

Kaseya update delayed for security reasons

blog.malwarebytes.com/hacking-2/2021/07/kaseya-update-delayed-for-security-reasons/ Software vendor Kaseya has been caught in the chaos of a supply-chain compromise by the REvil ransomware gang since Friday. Around 40 managed service providers (MSPs) that rely on Kaseya VSA software to administer customers’ ITand up to 1, 500 of their customershave been stricken with the ransomware.

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

krebsonsecurity.com/2021/07/kaseya-left-customer-portal-vulnerable-to-2015-flaw-in-its-own-software/ On July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site portal.kaseya.net was vulnerable to CVE-2015-2862, a “directory traversal” vulnerability in Kaseya VSA that allows remote users to read any files on the server using nothing more than a Web browser.

Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards

msrc-blog.microsoft.com/2021/07/08/microsoft-bug-bounty-programs-year-in-review-13-6m-in-rewards/ Over the past 12 months, Microsoft awarded $13.6M in bug bounties to more than 340 security researchers across 58 countries. The largest award was $200K under the Hyper-V Bounty Program.

Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling

www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan/ Recorded Future has identified a suspected Chinese state-sponsored group that we track as Threat Activity Group 22 (TAG-22) targeting telecommunications, academia, research and development, and government organizations in Nepal, the Philippines, Taiwan, and more historically, Hong Kong.

Nuclear research institute hacked by North for 12 days

koreajoongangdaily.joins.com/2021/07/08/national/northKorea/North-Korea-hacking-nuclear/20210708190700374.html South Korea’s main nuclear research institute was reportedly exposed for over 12 days to hacking attacks probably by North Korea, but no important data was leaked, according to a parliamentary intelligence committee member on Thursday.

Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation

www.technologyreview.com/2021/07/08/1027999/fbi-russia-ukraine-cybercrime-investigation-ransomware/ Russia and Ukraine promised to cooperate and help catch the world’s most successful hackers. But things didn’t quite go to plan.

SideCopy Hackers Target Indian Government Officials With New Malware

thehackernews.com/2021/07/sidecopy-hackers-target-indian.html A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans (RATs), signaling a “boost in their development operations.”. Lisäksi:


Russia Cozy Bear’ Breached GOP as Ransomware Attack Hit

www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee Russian government hackers breached the computer systems of the Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive ransomware attack, according to two people familiar with the matter.

Bandidos at large: A spying campaign in Latin America

www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america In 2021 we detected an ongoing campaign targeting corporate networks in Spanish-speaking countries, with 90% of the detections in Venezuela. When comparing the malware used in this campaign with what was previously documented, we found new functionality and changes to this malware, known as Bandook. Lisäksi:


Critical Flaws Reported in Sage X3 Enterprise Management Software

thehackernews.com/2021/07/critical-flaws-reported-in-sage-x3.html Four security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning (ERP) product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems.

GitLab Fixes Several Vulnerabilities Reported by Bug Bounty

www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html With an update to its software development infrastructure, Gitlab has addressed numerous vulnerabilities including two high-impact online security flaws.

How Fake Accounts and Sneaker-Bots Took Over the Internet

threatpost.com/fake-accounts-sneaker-bots-internet/167626/ Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis. Fake accounts are used for other purposes too: Facebook for instance last fall announced the takedown of 14, 000 fake accounts used to spread disinformation in the 2020 election.

Malvertising: What It Is and How to Protect Yourself

www.pandasecurity.com/en/mediacenter/security/malvertising-2/ Malvertising is a type of cyber attack that plants malicious code into legitimate-looking online advertisements. A vehicle to distribute malware to unsuspecting victims, malvertising is a major problem worldwide and has gained increasing prevalence across the web.

You might be interested in …

Daily NCSC-FI news followup 2020-02-09

Lock My PC Used By Tech Support Scammers, Dev Offers Free Recovery www.bleepingcomputer.com/news/security/lock-my-pc-used-by-tech-support-scammers-dev-offers-free-recovery/ Tech Support scammers are using a free utility called Lock My PC to lock users out of their PCs unless they pay the requested “support” fees. For years telephone scammers pretending to be from Microsoft, Google, and other companies have been convincing […]

Read More

Daily NCSC-FI news followup 2021-07-30

New bank-fraud malware called Vultur infects thousands of devices arstechnica.com/gadgets/2021/07/new-bank-fraud-malware-called-vultur-infects-thousands-of-devices/ Recently detected Android malware, some spread through the Google Play Store, uses a novel way to supercharge the harvesting of login credentials from more than 100 banking and cryptocurrency applications.. Screen sharing courtesy of VNC mirrors device screens to attacker-controlled servers. Valtorin pelko osui oikeaan: […]

Read More

Daily NCSC-FI news followup 2019-10-09

Exploring a Recent Magnitude Exploit Kit Sample www.fortinet.com/blog/threat-research/magnitude-exploit-kit-sample-analysis.html As Internet Explorer’s share of the browser pie continues to shrink, exploit kits frameworks hosted by malicious actors to target browser vulnerabilities, particularly for IE are much less active than before. However, some of them now target geographic regions where IE owns a more sizable part of […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.