Latest News

2021/07/08

Microsoft Releases Emergency Patch for PrintNightmare Bugs

The fix doesn’t cover the entire problem nor all affected systems however, so the company also is offering workarounds and plans to release further remedies at a later date.

Microsoft has released an emergency patch for the PrintNightmare, a set of two critical remote code-execution (RCE) vulnerabilities in the Windows Print Spooler service that hackers can use to take over an infected system. However, more fixes are necessary before all Windows systems affected by the bug are completely protected, according to the federal government.
2021/07/06

Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly

U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware.

While initial reports raised speculations that the ransomware gang might have gained access to Kaseya's backend infrastructure and abused it to deploy a malicious update to VSA servers running on client premises, in a modus operandi similar to that of the devastating SolarWinds hack, it has since emerged that a never-before-seen security vulnerability (CVE-2021-30116) in the software was leveraged to push ransomware to Kaseya's customers.
2021/07/06

A 'Colossal' Ransomware Attack Hits Hundreds Of U.S. Companies, A Security Firm Says

WASHINGTON (AP) — A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident.

The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals targeted a software supplier called Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers. Other researchers agreed with Hammond's assessment.
Source: www.npr.org
2021/06/29

Microsoft Signs Malware That Spreads Through Gaming

The driver, called “Netfilter,” is a rootkit that talks to Chinese C2 IPs and aims to spoof gamers’ geo-locations to cheat the system and play from anywhere, Microsoft said.

Microsoft signed a driver being distributed within gaming environments that turned out to be a malicious network filter rootkit.

G DATA malware analyst Karsten Hahn first noticed the rootkit, publicly posting the find on June 17 and simultaneously reaching out to Microsoft. Hahn noted that the code – a third-party driver for Windows named Netfilter that has been circulating in the gaming community – connected to an IP address in China.
2021/06/10

Intel Plugs 29 Holes in CPUs, Bluetooth, Security

Intel has unleashed 29 security advisories to plug up some serious bugs in the BIOS firmware for Intel processors, as well as in its Bluetooth products, Active Management Technology tools, the NUC Mini PC line, and, ironically, in its own security library.

Details about the advisories can be found at Intel’s Product Security Center.

Intel’s senior director of communications, Jerry Bryant, said in a blog post on Wednesday that Intel’s mostly digging these security issues up internally – as in, 95 percent – through its own diligence, with big chunks of them coming through its bugs bounty program and the company’s own research.