SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP

Title: Microsoft patches PrintNightmare as part of Patch Tuesday
Description: Microsoft released its monthly security update Tuesday, disclosing 117 vulnerabilities across its suite of products, by far the most in a month this year. Most notably, Microsoft released the update to patch the so-called “PrintNightmare” vulnerability in its print spooler function that could allow an attacker to execute remote code. This vulnerability was first disclosed in April, though security researchers later discovered it could be exploited in a more serious way than initially thought. Microsoft attempted to fix the vulnerability with an out-of-band release earlier this month, though the vulnerability could still be exploited. Besides the print spooler vulnerability, there is one other issue attackers have exploited in the wild, according to Microsoft. CVE-2021-34448 is a memory corruption vulnerability in the Scripting Engine that is triggered when the user opens a specially crafted file, either attached to an email or a compromised website.

Title: Kaseya rolls out patches for vulnerabilities exploited by ransomware attackers
Description: The supply chain attack on Kaseya VSA continues to dominate the security landscape as hundreds of organizations deal with the ramifications, including ransomware attacks. Kaseya released a patch for its remote monitoring software that could be exploited to bypass authentication and execute remote code. REvil, the ransomware group behind the attack, is demanding a $70 million ransom for a universal decryption key. The current patch only applies to on-premise customers. Users who have the software-as-a-service version of VSA are still advised to shut down their affected servers while Kaseya works with users to fix the issues.
Cisco Secure Endpoint signatures: Gen:Variant.Graftor.952042, W32.RetroDetected
ClamAV signatures: -9875493-0, -9875494-0

A Dutch security group warned Kaseya of the vulnerabilities in its product that would eventually lead to the large supply chain attack in April.

The Kaseya supply chain attack was just the latest example of attackers looking at IT management software as a “skeleton key” to access victims’ networks.