CyberSec Roundup
A Synopsis of the Latest Cybersecurity News
Major Supply Chain Attack
The REvil ransomware group scored a major coup on Friday when it exploited a zero-day vulnerability in the Kaseya VSA tool. Kaseya VSA is a powerful tool used by many I.T. managed services providers (MSPs) to manage and monitor their customers’ computers and networks. REvil weaponized the tool to push ransomware through these VSA servers. As a result, the MSPs’ customers’ networks were crippled with ransomware by the same tool that was supposed to help secure their I.T. infrastructure.
Kaseya confirmed that the incident has mainly affected customers using the on-premises solution and has asked them to shut down their servers in the interim. Kaseya was aware of the vulnerability, as it had been reported to them by the Dutch Institute for Vulnerability Disclosure (DIVD); however, they were not able to develop and deploy the patch in time. Given the massive scale of the attack, Kaseya has brought in FireEye to help investigate the incident, and President Biden has also asked US intelligence agencies to assist. REvil is trying to capitalize on the ransoms and has offered to decrypt all files for everyone for $70 million in bitcoin.
Windows PrintNightmare bug
Microsoft has confirmed that the PrintNightmare vulnerability (tracked as CVE-2021-34527) affects all versions of Windows and can allow attackers to gain system-level privileges on servers through remote code execution. Microsoft doesn’t currently have an official patch for the bug; CISA is therefore advising administrators to disable the Windows Print Spooler service on servers not used for printing, as a mitigation measure.
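The mitigation above, as an added example that is not part of the original article: a PowerShell function that checks whether a server shares any printers before stopping and disabling the Print Spooler service. The function name Disable-UnusedSpooler is hypothetical; the script assumes an elevated session and the PrintManagement module (Windows Server 2012 or later).

```powershell
# Added example. Disable-UnusedSpooler is a hypothetical name, not a built-in cmdlet.
function Disable-UnusedSpooler {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $svc = Get-Service -Name Spooler -ErrorAction Stop

    # Get-Printer talks to the spooler, so only look for shares while it is running.
    $shared = @()
    if ($svc.Status -eq 'Running') {
        $shared = @(Get-Printer -ErrorAction SilentlyContinue |
                    Where-Object { $_.Shared })
    }

    if ($shared.Count -gt 0) {
        # The host is acting as a print server: report it and leave the service alone.
        Write-Warning "$env:COMPUTERNAME shares $($shared.Count) printer(s); not disabling the spooler."
        $shared | Select-Object Name, ShareName, PortName
        return
    }

    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
        # Stop the running service, then prevent it from starting at next boot.
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }

    # Return the resulting state so it can be logged or checked by the caller.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" |
        Select-Object Name, State, StartMode
}

# Dry run first; remove -WhatIf to apply the change.
Disable-UnusedSpooler -WhatIf
```

With the spooler disabled, the host can no longer print locally or serve print jobs, so run this only on servers that are not used for printing.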
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)