This new security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.

General Advisory: SonicWall Warns of “Imminent Ransomware Campaign” Targeting EOL Devices

Wednesday, July 14, 2021

SonicWall has posted an urgent security alert warning customers of “an imminent ransomware campaign” targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices running end-of-life (EOL) 8.x firmware.

The security alert explains that legacy devices affected by this advisory “are at imminent risk of a targeted ransomware attack.”

System administrators are urged to update to the latest 9.x or 10.x firmware versions or immediately disconnect the devices and reset passwords to avoid potential ransomware attacks.

Important links:
SonicWall Urgent Security Notice: Critical Risk To Unpatched End-Of-Life SRA & SMA 8.X Remote Access Devices
SonicWall warns of ‘imminent ransomware campaign’ targeting its EOL equipment

Firefox Security Update Released (90)

Tuesday, July 13, 2021

Mozilla has released Firefox version 90 with fixes for multiple high-priority security issues.

Users should update as soon as possible.

Important links:
How to update Firefox to the latest release
Firefox 90 Release Notes

VMware Patches Vulnerability in VMware ESXi and Cloud Foundation

Tuesday, July 13, 2021

VMware has patched a vulnerability in their VMware ESXi and Cloud Foundation products.

This vulnerability could be exploited by an attacker with network access to port 5989 to bypass SFCB authentication on an affected ESXi server.

Administrators should update immediately to avoid potential exploitation.

Read the full details here:
VMware ESXi updates address authentication and denial of service vulnerabilities

SolarWinds Patches Critical Vulnerability in Serv-U Managed File Transfer and Serv-U Secure FTP

Friday, July 9, 2021

SolarWinds has released updates to address a critical remote code execution (RCE) vulnerability in their “Serv-U Managed File Transfer” and “Serv-U Secure FTP” products.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to immediately log in to their customer portal and install the “Serv-U version 15.2.3 hotfix (HF) 2” update.

Important links:
SolarWinds Serv-U Security Advisory for Serv-U Remote Memory Escape Vulnerability
ZDNet: SolarWinds releases security advisory after Microsoft says customers ‘targeted’ through vulnerability

General Advisory: Guidance for Kaseya VSA Attack

Tuesday, July 6, 2021

While Splashtop has not been impacted, we know that organizations globally are concerned about the Kaseya VSA ransomware attack. Please note that new guidance is now available from Kaseya and they strongly suggest that you take the steps below to keep your systems secure.

System administrators are urged to immediately follow the recommendations listed in the articles below:
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
Kaseya Important Notice July 7th, 2021

Technical details about the ransomware attack are available here:
Kaseya Incident Overview & Technical Details
REvil ransomware attack against MSPs and its clients around the world

This attack impacts Kaseya customers using the on-premises version of Kaseya VSA. Kaseya has not found any evidence to suggest that SaaS customers were compromised.

Please note that there is no evidence to suggest that Splashtop or its customers were impacted by the recent attack on Kaseya. The Splashtop security team monitors and evaluates security risks and vulnerabilities reported in the industry and takes immediate action when warranted. Splashtop has taken multiple actions to protect Splashtop and our customers. We will continue to monitor our environment closely to ensure we take every precaution to keep our customers and their data safe and secure.

Microsoft Patches “PrintNightmare” Print Spooler RCE Vulnerability

Tuesday, July 6, 2021

Microsoft has released an out-of-band security update to fix a critical remote code execution vulnerability in the Windows Print Spooler service, dubbed “PrintNightmare”.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to disable the Print Spooler service and install the latest Windows updates as soon as possible.

Users should also update Windows as soon as possible to avoid potential exploitation.

Important links:
Out-of-Band (OOB) Security Update available for CVE-2021-34527
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
PrintNightmare Breakdown: Analysis and Remediation

General Advisory: Kaseya VSA Attack

Friday, July 2, 2021

Kaseya is investigating a potential ransomware attack affecting Kaseya VSA servers.

System administrators are urged to immediately shut down any Kaseya VSA servers until more details are released.

Important links:
Kaseya Important Notice July 2nd, 2021
Kaseya VSA Supply-Chain Ransomware Attack

Windows “PrintNightmare” Print Spooler RCE Vulnerability

Thursday, July 1, 2021

Microsoft has released details of a critical remote code execution vulnerability in the Windows Print Spooler service, dubbed “PrintNightmare”.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to disable the Print Spooler service and install the June 2021 updates as soon as possible.

Important links:
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
CISA Offers New Mitigation for PrintNightmare Bug

News: June 2021 (6/28-6/30)

Wednesday, June 30, 2021

Secure your cloud environment for long-term success (6/30/21 from SC Media)
Costs from ransomware attack against Ireland health system reach $600M (6/29/21 from SC Media)
Cisco routers come under attack, including a destructive hacktivist campaign (6/29/21 from The Record)
Using VMs to hide ransomware attacks is becoming more popular (6/28/21 from The Record)
Microsoft says SolarWinds hacking group has breached three new victims (6/28/21 from The Record)

News: June 2021 (6/21-6/24)

Thursday, June 24, 2021

Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models Via Dell Remote OS Recovery And Firmware Update Capabilities (6/24/21 from Eclypsium)
Zyxel says a threat actor is targeting its enterprise firewall and VPN devices (6/24/21 from The Record)
Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access (6/23/21 from Threatpost)
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE (6/23/21 from Threatpost)
SonicWall ‘Botches’ October Patch for VPN Bug (6/23/21 from Threatpost)
North Korean hackers breach South Korea’s atomic research agency through VPN bug (6/21/21 from The Record)