BLOG

Cyber Threat Report for the Week of 7/8/21

Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability
The fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios.
Read Article

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software
On July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site —portal.kaseya.net — was vulnerable to CVE-2015-2862, a vulnerability that was issued in July 2015. Six years later, Kaseya’s customer portal was still exposed to the data-leaking weakness. Read Article
 
White Hats Reported Key Kaseya VSA Flaw Months Ago
Ransomware Outran The Patch Kaspersky Lab said it saw evidence of 5,000 infection attempts in 22 countries in the three days since the first attack was spotted. Read Article
 
Supreme Court Finds Employee’s Misuse of Authorized Access Does Not Violate Computer Fraud And Abuse Act
Employers will not be able to invoke the CFAA against employees who misuse company confidential information that they are authorized to access for personal gain. Read Article
 
Critical Vulnerabilities In Philips Vue Healthcare Products Could Allow Remote Takeover
Multiple critical vulnerabilities in Philips Picture Archiving and Communication Systems (PACS) Clinical Collaboration Platform Portal could enable an attacker to take control over an affected system. Read Article
 
Kaspersky Password Manager Generated Passwords That Could Quickly Be Brute-Forced
A vulnerability in the Kaspersky Password Manager resulted in the created passwords being weak enough to allow an attacker to brute-force them in seconds, a security researcher claims. Read Article
 
Critical Sage X3 RCE Bug Allows Full System Takeovers
Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and intercept data. Read Article
 
Western Digital MyBook / My Cloud Users Face Another RCE
Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices. Read Article
 
Most Disaster Recovery Solutions Are Not Tested On A Regular Basis
More importantly, as the IT estate changes over time, the survey indicated most disaster recovery solutions would not meet recovery objectives. Read Article
 
Five Key Considerations When Adopting A Seed Vault Approach For Ransomware Protection
A “seed vault” approach to ransomware protection can be a last-resort method for organizations to access their data in the event of a catastrophic availability event such as a ransomware attack. Read Article

JAN21003-Cyber-Threat-Horizontal-CTAJuly 4th celebrates our independence from outside rule. Unfortunately for all of us, cyber-attacks have ramped up in quantity and intensity since the holiday, and those outside your organization are intent on trying to seize control of your operations.

Thinking for a minute or even a second that your systems are secure from attack is a mistake. Nothing is 100%, especially cyber security, and no sector is safe from cyber criminals. Now is the time to redouble your efforts and invest wisely in your operational security.

Going it alone is tactic that many attempt and the consequences of doing so can be catastrophic. Consider a relationship with a 3rd party subject matter expert to confirm your best efforts are exactly that. The importance of utilizing a cyber security specialist such as JANUS has never been greater. Reach out to us for a conversation.

Yours in Security,
Lyle Liberman
Chief Operating Officer | JANUS Associates

      

 

 

New call-to-action
New call-to-action

Subscribe Here!