August Security Update: The (PrintNightmare) Continues

New Microsoft Point and Print Vulnerability Discovered

Microsoft released a patch in Aug. 2021 to correct the “PrintNightmare” vulnerability in Point and Print, documented as CVE-2021-34481. However, there’s a new zero-day print spooler vulnerability. This vulnerability, CVE-2021-36958, could allow attackers to gain SYSTEM privileges on a computer.

Action Items

Hancitor is Spreading FickerStealer

Symantec reports FickerStealer, malware that extracts sensitive and private information, is now being spread by Hancitor. Attacks involve spam emails containing attachments that enable Hancitor to communicate with C2 servers and retrieve a URL containing FickerStealer.

Action Items

  • Use email security.
  • Train employees on spam and phishing tactics.

Two Vulnerabilities Discovered in Zimbra Webmail

SonarSource discovered two vulnerabilities in Zimbra webmail, used by more than 200,000 businesses and more than 1,000 government and financial institutions.

A combination of these vulnerabilities could enable an attacker to gain unrestricted access to all employees’ emails.

CVE-2021-35208 is a cross-site scripting vulnerability that can be triggered when an employee views mail. A malicious email containing a JavaScript payload could ultimately give an attacker access to the employee’s emails and webmail session, and possibly enable additional attacks.

CVE-2021-35209 is a bypass of an allow-list that leads to a server-side request forgery vulnerability. Combined with the first vulnerability, SonarSource says an attacker could extract, for example, AWS IAM credentials or Google Cloud API tokens.

Action Items

  • See technical details on SonarSource’s blog.
  • Use Patch 18 for Zimbra 8.8.15 and Patch 16 for the 9.0 series; prior versions are vulnerable.

New Twist on Phishing: Fake Zoom Meeting Invitations

INKY researchers have discovered that attackers are using Zoom in a phishing campaign to steal credentials from users. The attackers send phishing emails to employees, asking them to review a Zoom meeting invitation by downloading a file attached to the email and downloading an attachment to start the meeting. Attackers used domain names such as that users may think are legitimate—and that could bypass email security.

When users followed the instructions, they arrived at an authentic-looking Microsoft sign-in page, asking for login and password.

Action Items

  • Educate employees and your clients about this scam.
  • Check the URL of every email and website before clicking.
  • Do not open attachments from unknown senders.
  • If in doubt, contact the person by text or phone to confirm the email is legitimate.

McAfee Points out Ransomware Has Become Big Business

McAfee notes that although the Colonial Pipeline ransomware attack monopolized media attention, there’s more to the story. The DarkSide Ransomware as a Service attack was preceded by Babuk, Conti, Ryuk, and REvil. McAfee says widespread attacks on smaller organizations decreased, and attackers focused on larger organizations that could pay higher ransoms.

McAfee also points out that these victims were targeted with customized variants.

Action Items

  • Build a comprehensive security strategy that includes threat detection.
  • Back up data in at least three locations, one of which is not connected to the internet and one that’s offsite.
  • Talk through incident response today; know in advance how you will respond to an attack.

Top Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), as well as the FBI and agencies in Australia and the UK, authored an advisory on the top 30 vulnerabilities that cyberattackers most commonly exploit.

The advisory points out that four of the most exploited vulnerabilities in 2020 impact remote work, VPN and cloud technologies.

Action Items

  • Review the list here.
  • Remediate vulnerabilities as soon as possible; patches are available for most.
  • Organizations that have not kept patching up to date should have their systems evaluated for compromise and initiate incident response and recovery.

For more security updates and insights, visit DevPro Journal’s Security resources page.
