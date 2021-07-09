
Kaseya And PrintNightmare Vulnerabilities | Avast

By Avast Blog
securityboulevard.com
 10 days ago

“It never rains but it pours.” It’s the saying that describes situations in which several bad things happen at once, and these situations are ones that security incident teams know well. In fact, security teams across the globe have quite recently been experiencing such a situation with regard to the active, formidable PrintNightmare and Kaseya threats.

Internet | T3.com

Avast Secure Browser: online privacy with the push of a button

Today, more than half of our lives happen inside the browser. With the expansion of web and cloud-based services, using the right browser has become extremely important, whether it’s for fun and leisure, or for business. Have you ever wondered how much personal data your browser collects? The fastest answer is, a lot.
Computers | securityboulevard.com

Gaps in the Next-Generation SOC

The following is an excerpt from our recently published whitepaper, “The Failed Promises of SIEM: How Next-Generation Cybersecurity Platforms are Solving the Problems Created by Outdated Tools,” in which we discuss the ways in which SIEM has failed to deliver on promises made to the cybersecurity industry and why cyber teams must instead turn to a next generation platform powered by unsupervised AI to navigate the ever evolving threatscape of 2020 and effectively defend against modern threats and bad actors.
Technology | securityboulevard.com

What Is Your Digital Footprint? | Avast

If you’re active online, you have a digital footprint. Everyone does. Every comment made on social media, every news article shared, and every purchase made online contributes to a person’s data trail. Your data trail reveals a detailed picture of who you are and what you like. This data is valuable and often monetized by “free” services and apps like Facebook, Google, and Twitter. When you’re logged in, you’re being tracked across every page you visit.
Technology | Silicon Republic

Kaseya cyberattack: Company informed of vulnerabilities in April

The Dutch security group that informed Kaseya of the vulnerabilities said the company’s response was ‘on point and timely’. Kaseya had known about vulnerabilities in its software and was in the process of patching them when a major cyberattack occurred last week (2 July). The ransomware attack, which infected the...
Technology | securityboulevard.com

How to Build a Cybersecurity Culture

Are you tired of seeing your papier-mâché network defenses torn to shreds? Do you wish you could fake your way through yet another audit, but fear being exposed by a data leak? Are hoodlums in Adidas clothing using your IT infrastructure as their own personal cloud? Well, tough. Cybercriminals are here to stay and your security budget isn’t getting any bigger. (Case in point: from 2019 to 2020, security budgets for enterprises decreased from $18.9 million to $14 million.) You are left with one option: learn to handle it like a pro.
Software | inforisktoday.com

Researchers: Microsoft 'PrintNightmare' Patch Is Incomplete

Microsoft's emergency, out-of-band patch for a critical remote code vulnerability dubbed "PrintNightmare" falls short in addressing the local privilege escalation part of the flaw, according to Will Dormann, a security analyst at the U.S. CERT Coordination Center, as well as other researchers. The vulnerability, which is tracked as CVE-2021-34527 is...
Computers | bleepingcomputer.com

Kaseya patches VSA vulnerabilities used in REvil ransomware attack

CVE-2021-30116 - A credentials leak and business logic flaw, to be included in 9.5.7.
CVE-2021-30117 - An SQL injection vulnerability, resolved in May 8th patch.
CVE-2021-30118 - A Remote Code Execution vulnerability, resolved in April 10th patch. (v9.5.6)
CVE-2021-30119 - A Cross Site Scripting vulnerability, to be included in 9.5.7.

Software | securityboulevard.com

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.
Software | qualys.com

Microsoft Windows Print Spooler RCE Vulnerability (PrintNightmare-CVE-2021-34527) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®

On June 29, 2021, a zero-day exploit was observed on Microsoft Windows systems which allows authenticated users with a regular Domain User account to gain full SYSTEM-level privileges. On July 1, 2021, Microsoft released a separate advisory linking this zero-day to CVE-2021-34527 as a confirmed Remote Code Execution (RCE) vulnerability. According to the new advisory, the PoC is publicly disclosed and actively exploited in the wild.
Software | securityboulevard.com

Intelligent Orchestration and Code Dx: Security superheroes

Building security into DevOps has its challenges. Address them with a modern approach to AppSec using Intelligent Orchestration and Code Dx. As a kid, I was fascinated by superheroes like Spider-Man and Superman, and now as an adult I enjoy watching Wonder Woman. There is something about these movies—all the superheroes are unseen and come to the rescue at the right time, and once they have helped, they just disappear without even taking any credit. It made me wonder: why can’t application security be invisible to an organization and especially to developers? Why should developers care what tools we run, how and where we run them, or how they’re configured?
Internet | securityboulevard.com

Google FLoC | Avast

Earlier this year, Google announced a new way for advertisers to reach consumers without using cookies to track them individually across sites and applications. Federated Learning of Cohorts (FLoC) groups an individual with people who have similar interests. The idea is that advertisers will target the herd, as opposed to specific individuals, and users would be able to maintain more of their privacy. Currently, advertisers can track individuals by dropping cookies, which are small files, onto those individuals’ devices when they visit a website, and then track them as they continue to browse the internet.
Software | mspoweruser.com

Microsoft release fix for PrintNightmare exploit

Microsoft recently confirmed that the newly discovered PrintNightmare vulnerability, which lets authenticated users take over any Windows print server, is already being exploited in the wild. The zero-day exploit grants attackers full Remote Code Execution capabilities on fully patched Windows Print Spooler devices. Now Microsoft has released a patch for...
Coding & Programming | securityboulevard.com

Processing Machine Data With Machine Learning | Avast

This post was written by the following Avast researchers: Branislav Bošanský, Avast Principal AI Scientist. One of the biggest unaddressed challenges in machine learning (ML) for security is how to process large-scale and dynamically created machine data. Machine data — data generated by machines for machine processing — gets less attention in ML research than video, sound and text, yet it is as prevalent in our digital world and is as important as the dark matter in the universe. In security, machine data is the primary source of information about attacks and other anomalous behavior on the internet. Even so, it’s notoriously hard to learn from it automatically, to discover unknown patterns, and to adapt the learning process to the scale, complexity, and ever-changing nature of machine data. In this post, the Avast AI Research Lab reports on our solution to the problem.
Computers | securityboulevard.com

Despite Pen Testing Efforts, Stubborn Vulnerabilities Persist

For those security professionals who work to mitigate enterprise software vulnerabilities, it may often seem like Groundhog Day—patching and mitigating the same types of vulnerabilities over and over again. As a just-released report from crowdsourced penetration testing provider Cobalt found, that sense of déjà vu is not their imagination. From...
Computers | securityboulevard.com

Hairpinning: The Bottleneck in Most Secure Web Gateway Architectures

Secure Web Gateways (SWGs), software for controlling access to websites and SaaS not managed by corporate IT, have evolved from hardware appliances installed on premises, to software running on end user devices with varying degrees of interaction with the security provider’s hosted infrastructure. But the details on how the software interacts with the security provider’s infrastructure makes all of the difference with respect to performance, security, and ease of management. The Bitglass SmartEdge SWG architecture uniquely addresses these concerns in several ways.
Software | securityboulevard.com

Why Managing Security Posture and Entitlements from One Place Makes Sense

Security decision leaders are prioritizing cloud security posture management (CSPM) tools for their organizations, and with just cause: the ability to monitor cloud configurations is essential for complying with regulations and reducing risk from cloud data breaches. However, CSPM answers only some of the modern security challenges that cloud infrastructure...
Software | securityboulevard.com

Salt Security Report Highlights Prevalence of API Vulnerabilities

Salt Security, a provider of a platform for securing application programming interfaces (APIs), today published a report that reveals the existence of vulnerabilities in APIs in an unidentified platform employed widely in the financial services industry that could be easily compromised. Company researchers identified inadequate authorization for data access, inadequate...
Software | marketresearchtelecast.com

Patch now! Security patch closes REvil vulnerability in Kaseya VSA

More than a week after attacks on Kaseya customers who use the VSA platform to manage software became known, a security patch has now been released. Admins should act immediately and install the secured version. If this does not happen, attackers can target three vulnerabilities (CVE-2021-30116, CVE-2021-30119, CVE-2021-30120) and...

