Daily NCSC-FI news followup 2021-07-08

Microsoft: PrintNightmare now patched on all Windows versions

www.bleepingcomputer.com/news/security/microsoft-printnightmare-now-patched-on-all-windows-versions/ Microsoft has released the KB5004948 emergency security update to address the Windows Print Spooler PrintNightmare vulnerability on all editions of Windows 10 1607 and Windows Server 2016. See also:

docs.microsoft.com/en-us/windows/release-health/windows-message-center


Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability

arstechnica.com/gadgets/2021/07/microsofts-emergency-patch-fails-to-fix-critical-printnightmare-vulnerability/ Despite Tuesday’s out-of-band patch being incomplete, it still provides meaningful protection against many types of attacks that exploit the print spooler vulnerability. See also:

www.bleepingcomputer.com/news/microsoft/windows-security-update-kb5004945-breaks-printing-on-zebra-printers/


Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

beta.darkreading.com/vulnerabilities-threats/attacks-on-kaseya-servers-led-to-ransomware-in-less-than-2-hours? Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.

The Evolution of PINCHY SPIDER from GandCrab to REvil

www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/ For years, ransomware was a nuisance that impacted individuals who were unfortunate enough to encounter it via banking trojans, exploit kits or phishing attacks and resulted in a large number of small-value ransoms, typically hundreds of dollars per incident.

Kaseya update delayed for security reasons

blog.malwarebytes.com/hacking-2/2021/07/kaseya-update-delayed-for-security-reasons/ Software vendor Kaseya has been caught in the chaos of a supply-chain compromise by the REvil ransomware gang since Friday. Around 40 managed service providers (MSPs) that rely on Kaseya VSA software to administer customers’ IT, and up to 1,500 of their customers, have been stricken with the ransomware.

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

krebsonsecurity.com/2021/07/kaseya-left-customer-portal-vulnerable-to-2015-flaw-in-its-own-software/ On July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site portal.kaseya.net was vulnerable to CVE-2015-2862, a “directory traversal” vulnerability in Kaseya VSA that allows remote users to read any files on the server using nothing more than a Web browser.

Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards

msrc-blog.microsoft.com/2021/07/08/microsoft-bug-bounty-programs-year-in-review-13-6m-in-rewards/ Over the past 12 months, Microsoft awarded $13.6M in bug bounties to more than 340 security researchers across 58 countries. The largest award was $200K under the Hyper-V Bounty Program.

Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling

www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan/ Recorded Future has identified a suspected Chinese state-sponsored group that we track as Threat Activity Group 22 (TAG-22) targeting telecommunications, academia, research and development, and government organizations in Nepal, the Philippines, Taiwan, and more historically, Hong Kong.

Nuclear research institute hacked by North for 12 days

koreajoongangdaily.joins.com/2021/07/08/national/northKorea/North-Korea-hacking-nuclear/20210708190700374.html South Korea’s main nuclear research institute was reportedly exposed for over 12 days to hacking attacks probably by North Korea, but no important data was leaked, according to a parliamentary intelligence committee member on Thursday.

Inside the FBI, Russia, and Ukraine’s failed cybercrime investigation

www.technologyreview.com/2021/07/08/1027999/fbi-russia-ukraine-cybercrime-investigation-ransomware/ Russia and Ukraine promised to cooperate and help catch the world’s most successful hackers. But things didn’t quite go to plan.

SideCopy Hackers Target Indian Government Officials With New Malware

thehackernews.com/2021/07/sidecopy-hackers-target-indian.html A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans (RATs), signaling a “boost in their development operations.”


Russia ‘Cozy Bear’ Breached GOP as Ransomware Attack Hit

www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee Russian government hackers breached the computer systems of the Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive ransomware attack, according to two people familiar with the matter.

Bandidos at large: A spying campaign in Latin America

www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america In 2021 we detected an ongoing campaign targeting corporate networks in Spanish-speaking countries, with 90% of the detections in Venezuela. When comparing the malware used in this campaign with what was previously documented, we found new functionality and changes to this malware, known as Bandook.


Critical Flaws Reported in Sage X3 Enterprise Management Software

thehackernews.com/2021/07/critical-flaws-reported-in-sage-x3.html Four security vulnerabilities have been uncovered in the Sage X3 enterprise resource planning (ERP) product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems.

GitLab Fixes Several Vulnerabilities Reported by Bug Bounty

www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html With an update to its software development infrastructure, Gitlab has addressed numerous vulnerabilities including two high-impact online security flaws.

How Fake Accounts and Sneaker-Bots Took Over the Internet

threatpost.com/fake-accounts-sneaker-bots-internet/167626/ Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis. Fake accounts are used for other purposes too: Facebook for instance last fall announced the takedown of 14,000 fake accounts used to spread disinformation in the 2020 election.

Malvertising: What It Is and How to Protect Yourself

www.pandasecurity.com/en/mediacenter/security/malvertising-2/ Malvertising is a type of cyber attack that plants malicious code into legitimate-looking online advertisements. A vehicle to distribute malware to unsuspecting victims, malvertising is a major problem worldwide and has gained increasing prevalence across the web.
