Cybersecurity Weekly: Kaseya flaw, PrintNightmare updates, cybersecurity culture study

July 13, 2021 by Sam Fay

Kaseya left their customer portal vulnerable to a 2015 flaw. Microsoft releases successful PrintNightmare security updates. An org’s reaction to social engineering is indicative of their cybersecurity culture. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. Kaseya left customer portal vulnerable to 2015 flaw

Last week, cybercriminals deployed ransomware to 1,500 organizations, including many that provide IT security and technical support to other companies. Now it appears Kaseya’s own customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.


2. Microsoft releases PrintNightmare security updates

The emergency security updates released last week correctly patch the PrintNightmare Print Spooler vulnerability for all supported Windows versions. Microsoft is urging clients to start applying the updates as soon as possible. This clarified guidance comes after researchers tagged the patches as incomplete, having found that the security updates could be bypassed.


3. Reaction to social engineering indicative of cybersecurity culture

Although no one has come up with an industry-standard definition of cybersecurity culture yet, Infosec explains that a strong cybersecurity culture is based on employees willingly embracing and proactively using security best practices both professionally and personally. Their study examines the collective approach of an organization’s security awareness and behaviors toward cybersecurity.


4. CNA reports data breach after ransomware attack

CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. After reviewing the files stolen during the attack, CNA discovered that they contained customers’ personal information such as names and Social Security numbers.


5. Hackers use new trick to disable macro security warnings in malicious Office files

While it is the norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain directly, new findings indicate attackers are using non-malicious documents to disable security warnings prior to executing macro code to infect victims’ computers.


6. Cyberbullying insurance is here. Do you need it?

Last May, insurance tech startup Waffle began offering stand-alone cyberprotection policies that include cyberbullying and other cyber risks such as identity theft or extortion. The policies are intended to help victims recover costs associated with cyberbullying, such as legal fees, mental health services and tutoring to cover missed school.


7. REvil victims are refusing to pay after flawed Kaseya ransomware attack

The REvil ransomware gang’s attack on MSPs and their customers last week should have been successful, yet changes in their typical tactics and procedures have led to few ransom payments. Backups were not deleted and data was not stolen, thus providing the ransomware gang little leverage over the victims.


8. Critical flaws reported in Sage X3 enterprise management software

Four security vulnerabilities were uncovered in the Sage X3 enterprise resource planning product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems.


9. Morgan Stanley discloses data breach after the hack of a third-party vendor

Morgan Stanley disclosed a data breach after threat actors compromised the Accellion FTA server of the third-party vendor Guidehouse. The provider notified Morgan Stanley in May 2021 that hackers compromised its FTA install back in January by exploiting a zero-day vulnerability later addressed by the vendor.


10. Singapore sees spikes in ransomware, botnet attacks

Reported cybercrime cases accounted for almost half of total crimes in Singapore last year, with both ransomware and botnet attacks seeing significant spikes. The city-state is anticipating intensifying threats from ransomware as well as malicious attacks targeting remote workers and supply chains.
