Daily NCSC-FI news followup 2021-07-20

Windows printer driver for HP/Samsung/Xerox vulnerable to local privilege escalation – millions of printers affected

labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/ SentinelLabs has discovered a high severity Windows local privilege escalation flaw in HP, Samsung, and Xerox printer drivers. Since 2005 HP, Samsung, and Xerox have released millions of printers worldwide with the vulnerable driver.

New Windows 10 vulnerability allows anyone to get admin privileges

www.bleepingcomputer.com/news/microsoft/new-windows-10-vulnerability-allows-anyone-to-get-admin-privileges/ Yesterday, security researcher Jonas Lykkegaard told BleepingComputer he discovered that the Windows 10 and Windows 11 Registry files associated with the Security Account Manager (SAM), and all other Registry databases, are accessible to the ‘Users’ group that has low privileges on a device. Will Dormann, a vulnerability analyst for CERT/CC, and SANS author Jeff McJunkin, said Microsoft introduced the permission changes in Windows 10 1809.

New Linux kernel bug lets you get root on most modern distros

www.bleepingcomputer.com/news/security/new-linux-kernel-bug-lets-you-get-root-on-most-modern-distros/ As discovered by Qualys researchers, the LPE security flaw tracked as CVE-2021-33909 (dubbed Sequoia) is present in the filesystem layer used to manage user data, a feature universally used by all major (Linux) operating systems. According to Qualys’ research, the vulnerability impacts all Linux kernel versions released since 2014. Qualys:

blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909

Fortinet fixes bug letting unauthenticated hackers run code as root

www.bleepingcomputer.com/news/security/fortinet-fixes-bug-letting-unauthenticated-hackers-run-code-as-root/ Both FortiManager and FortiAnalyzer are enterprise-grade network management solutions for environments with up to 100,000 devices. They are available as a physical appliance, as a virtual machine, in the cloud, or hosted by Fortinet. The company highlights that [the vulnerable feature] is disabled by default on FortiAnalyzer and can be turned on only on some hardware models.

China accuses US of launching cyberattacks, denies Microsoft Exchange hack

therecord.media/china-accuses-us-of-launching-cyberattacks-denies-microsoft-exchange-hack/

UK: Hundreds of Northern rail company touchscreen ticket machines are offline after a ransomware attack

www.zdnet.com/article/hundreds-of-touchscreen-ticket-machines-are-offline-after-a-ransomware-attack/ Over 600 touchscreen ticket machines have been disrupted by a ransomware attack just two months after they were installed at stations across the north of England.

Law Firm to the Fortune 500 Breached with Ransomware

threatpost.com/law-firm-fortune-500-breach-ransomware/167951/ Campbell Conroy & O’Neil, P.C. is a U.S. law firm to an array of huge companies, including the likes of Apple, Boeing, British Airways, Chrysler, Exxon Mobil, Fisher-Price, Ford, Honda, IBM, Jaguar, Monsanto, Toyota and US Airways. On Friday, the firm said in a press release that it got hit by what turned out to be a ransomware attack in February.

Significant Historical Cyber-Intrusion Campaigns Targeting ICS

us-cert.cisa.gov/ncas/current-activity/2021/07/20/significant-historical-cyber-intrusion-campaigns-targeting-ics To raise awareness of the risks to, and improve the cyber protection of, critical infrastructure, CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS.
