Cybersecurity Weekly: Kaseya flaw, PrintNightmare updates, cybersecurity culture study
Kaseya left their customer portal vulnerable to a 2015 flaw. Microsoft releases successful PrintNightmare security updates. An org’s reaction to social engineering is indicative of their cybersecurity culture. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Kaseya left customer portal vulnerable to 2015 flaw
Last week, cybercriminals deployed ransomware to 1,500 organizations, including many that provide IT security and technical support to other companies. Now it appears Kaseya’s own customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.
2. Microsoft releases PrintNightmare security updates
The emergency security updates released last week correctly patch the PrintNightmare Print Spooler vulnerability for all supported Windows versions. Microsoft is urging clients to start applying the updates as soon as possible. This clarified guidance comes after researchers tagged the patches as incomplete after finding that the security updates could be bypassed.
3. Reaction to social engineering indicative of cybersecurity culture
Although no one has come up with an industry standard definition of cybersecurity culture yet, Infosec explains that a strong cybersecurity culture is based on employees willingly embracing and proactively using security best practices both professionally and personally. Their study examines the collective approach of an organization’s security awareness and behaviors toward cybersecurity.
4. CNA reports data breach after ransomware attack
CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. After reviewing the files stolen during the attack, CNA discovered that they contained customers' personal information such as names and Social Security numbers.
5. Hackers use new trick to disable macro security warnings in malicious Office files
While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain directly, new findings indicate attackers are using non-malicious documents to disable security warnings prior to executing macro code to infect victims' computers.
6. Cyberbullying insurance is here. Do you need it?
Last May, insurance tech startup Waffle began offering stand-alone cyberprotection policies that include cyberbullying and other cyber risks such as identity theft or extortion. The policies are intended to help victims recover costs associated with cyberbullying, such as legal fees, mental health services and tutoring to cover missed school.
7. REvil victims are refusing to pay after flawed Kaseya ransomware attack
The REvil ransomware gang's attack on MSPs and their customers last week should have been successful, yet changes in their typical tactics and procedures have led to few ransom payments. Backups were not deleted and data was not stolen, thus providing the ransomware gang little leverage over the victims.
8. Critical flaws reported in Sage X3 enterprise management software
Four security vulnerabilities were uncovered in the Sage X3 enterprise resource planning product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems.
9. Morgan Stanley discloses data breach after the hack of a third-party vendor
Morgan Stanley disclosed a data breach after threat actors compromised the Accellion FTA server of the third-party vendor Guidehouse. The provider notified Morgan Stanley in May 2021 that hackers compromised its FTA install back in January by exploiting a zero-day vulnerability later addressed by the vendor.
10. Singapore sees spikes in ransomware, botnet attacks
The number of reported cybercrime cases accounted for almost half of total crimes in Singapore last year, where both ransomware and botnet attacks saw significant spikes. The city-state is anticipating intensifying threats from ransomware as well as malicious attacks targeting remote workers and supply chains.
In this Series
- Cybersecurity Weekly: Kaseya flaw, PrintNightmare updates, cybersecurity culture study
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
