Janus Associates Blog - Bringing You Cybersecutity Industrty News and Threat Reports

Cyber Threat Report for the Week of 7/8/21

Written by Lyle A. Liberman | Jul 9, 2021 4:06:00 PM

Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability

The fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios. Read Article

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

On July 3, security incident response firm Mandiant notified Kaseya that their billing and customer support site —portal.kaseya.net — was vulnerable to CVE-2015-2862, a vulnerability that was issued in July 2015. Six years later, Kaseya’s customer portal was still exposed to the data-leaking weakness. Read Article

 

White Hats Reported Key Kaseya VSA Flaw Months Ago

Ransomware Outran The Patch Kaspersky Lab said it saw evidence of 5,000 infection attempts in 22 countries in the three days since the first attack was spotted. Read Article

 

Supreme Court Finds Employee’s Misuse of Authorized Access Does Not Violate Computer Fraud And Abuse Act

Employers will not be able to invoke the CFAA against employees who misuse company confidential information that they are authorized to access for personal gain. Read Article

 

Critical Vulnerabilities In Philips Vue Healthcare Products Could Allow Remote Takeover

Multiple critical vulnerabilities in Philips Picture Archiving and Communication Systems (PACS) Clinical Collaboration Platform Portal could enable an attacker to take control over an affected system. Read Article

 

Kaspersky Password Manager Generated Passwords That Could Quickly Be Brute-Forced

A vulnerability in the Kaspersky Password Manager resulted in the created passwords being weak enough to allow an attacker to brute-force them in seconds, a security researcher claims. Read Article

 

Critical Sage X3 RCE Bug Allows Full System Takeovers

Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and intercept data. Read Article

 

Western Digital MyBook / My Cloud Users Face Another RCE

Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices. Read Article

 

Most Disaster Recovery Solutions Are Not Tested On A Regular Basis

More importantly, as the IT estate changes over time, the survey indicated most disaster recovery solutions would not meet recovery objectives. Read Article

 

Five Key Considerations When Adopting A Seed Vault Approach For Ransomware Protection

A “seed vault” approach to ransomware protection can be a last-resort method for organizations to access their data in the event of a catastrophic availability event such as a ransomware attack. Read Article

July 4th celebrates our independence from outside rule. Unfortunately for all of us, cyber-attacks have ramped up in quantity and intensity since the holiday, and those outside your organization are intent on trying to seize control of your operations.

Thinking for a minute or even a second that your systems are secure from attack is a mistake. Nothing is 100%, especially cyber security, and no sector is safe from cybercriminals. Now is the time to redouble your efforts and invest wisely in your operational security.

Going it alone is a tactic that many attempt and the consequences of doing so can be catastrophic. Consider a relationship with a 3rd party subject matter expert to confirm your best efforts are exactly that. The importance of utilizing a cyber security specialist such as JANUS has never been greater. Reach out to us for a conversation.