Cybersecurity Weekly: Kaseya flaw, PrintNightmare updates, cybersecurity culture study
Kaseya left its customer portal vulnerable to a 2015 flaw. Microsoft releases successful PrintNightmare security updates. An organization's reaction to social engineering is indicative of its cybersecurity culture. All this, and more, in this week's edition of Cybersecurity Weekly.
1. Kaseya left customer portal vulnerable to 2015 flaw
Last week, cybercriminals deployed ransomware to 1,500 organizations, including many that provide IT security and technical support to other companies. Now it appears Kaseya’s own customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.
2. Microsoft releases PrintNightmare security updates
The emergency security updates released last week correctly patch the PrintNightmare Print Spooler vulnerability for all supported Windows versions. Microsoft is urging customers to start applying the updates as soon as possible. This clarified guidance comes after researchers tagged the patches as incomplete, having found that the security updates could be bypassed.
3. Reaction to social engineering indicative of cybersecurity culture
Although no one has come up with an industry-standard definition of cybersecurity culture yet, Infosec explains that a strong cybersecurity culture is based on employees willingly embracing and proactively using security best practices both professionally and personally. Their study examines the collective approach of an organization's security awareness and behaviors toward cybersecurity.
4. CNA reports data breach after ransomware attack
CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. After reviewing the files stolen during the attack, CNA discovered that they contained customers' personal information such as names and Social Security numbers.
5. Hackers use new trick to disable macro security warnings in malicious Office files
While phishing campaigns that distribute weaponized Microsoft Office documents normally prompt victims to enable macros in order to trigger the infection chain directly, new findings indicate attackers are using non-malicious documents to disable security warnings before executing macro code to infect victims' computers.
6. Cyberbullying insurance is here. Do you need it?
Last May, insurance tech startup Waffle began offering stand-alone cyberprotection policies that include cyberbullying and other cyber risks such as identity theft or extortion. The policies are intended to help victims recover costs associated with cyberbullying, such as legal fees, mental health services and tutoring to cover missed school.
7. REvil victims are refusing to pay after flawed Kaseya ransomware attack
The REvil ransomware gang's attack on MSPs and their customers last week should have been successful, yet changes in their typical tactics and procedures have led to few ransom payments. Backups were not deleted and data was not stolen, thus providing the ransomware gang little leverage over the victims.
8. Critical flaws reported in Sage X3 enterprise management software
Four security vulnerabilities were uncovered in the Sage X3 enterprise resource planning product, two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems.
9. Morgan Stanley discloses data breach after the hack of a third-party vendor
Morgan Stanley disclosed a data breach after threat actors compromised the Accellion FTA server of the third-party vendor Guidehouse. The provider notified Morgan Stanley in May 2021 that hackers compromised its FTA install back in January by exploiting a zero-day vulnerability later addressed by the vendor.
10. Singapore sees spikes in ransomware, botnet attacks
Reported cybercrime cases accounted for almost half of total crimes in Singapore last year, and both ransomware and botnet attacks saw significant spikes. The city-state is anticipating intensifying threats from ransomware as well as malicious attacks targeting remote workers and supply chains.