Author: DEFENDEDGE
-
Microsoft Releases Emergency Patch for PrintNightmare Bugs
The fix doesn’t cover the entire problem nor all affected systems however, so the company also is offering workarounds and plans to release further remedies at a later date. Read more
-
Microsoft Releases Out-of-Band Security Updates for PrintNightmare
Original release date: July 6, 2021 Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print spooler service. According to the CERT Coordination Center (CERT/CC), “The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related… Read more
-
CISA Releases Security Advisory for Philips Vue PAC Products
Original release date: July 6, 2021 CISA has released an Industrial Controls Systems (ICS) Medical Advisory detailing multiple vulnerabilities in multiple Philips Clinical Collaboration Platform Portal (officially registered as Vue PACS) products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the… Read more
-
Western Digital Users Face Another RCE
Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices. Read more
-
Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted
REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116. Read more
-
Kaseya Attack Fallout: CISA, FBI Offer Guidance
Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims. Read more
-
Vulnerability Summary for the Week of June 28, 2021
Original release date: July 5, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — after_effects Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to to plant custom binaries and execute them with… Read more
-
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
Original release date: July 4, 2021 CISA and the Federal Bureau of Investigation (FBI) continue to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. CISA and FBI strongly urge affected MSPs and their customers to follow the guidance below. CISA… Read more
-
Kaseya VSA Supply-Chain Ransomware Attack
Original release date: July 2, 2021 CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shutdown VSA servers. This product is provided subject… Read more
-
SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers
In another sign of the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away. The threat actor behind the malicious activity used password spraying and brute-force attacks to guess passwords and gain access to its customer account. The recent activity was mostly unsuccessful and the majority… Read more