Latest News Articles



--- TLP:WHITE ---

News

− NIST has published its Ransomware Guidance

The National Institute of Standards and Technology (NIST) has published new draft guidance for organizations concerning ransomware attacks.

https://csrc.nist.gov/CSRC/media/Publications/nistir/draft/documents/NIST.IR.8374-preliminary-draft.pdf

Vulnerabilities

− Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527

Microsoft is investigating a remote code execution vulnerability that affects Windows Print Spooler and has assigned CVE-2021-34527 to this vulnerability. The vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

− Microsoft Windows Print Spooler RCE Vulnerability - CVE-2021-34527 UPDATE

The NCSC are aware of a Remote Code Execution (RCE) vulnerability, along with Proof of Concept (PoC) code for the Microsoft Windows Print Spooler service (CVE-2021-34527). Microsoft have detected exploitation of this vulnerability.

https://ncsc.gov.ie/pdfs/MS_printspooler_010721-UPDATE.pdf

− Cisco ASA vulnerability actively exploited after exploit released

Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter.

https://www.bleepingcomputer.com/news/security/cisco-asa-vulnerability-actively-exploited-after-exploit-released/

− VMware Carbon Black App Control update addresses authentication bypass (CVE-2021-21998)

An authentication bypass in the VMware Carbon Black App Control management server was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware product.

https://www.vmware.com/security/advisories/VMSA-2021-0012.html

− Critical Auth Bypass Bug Affects VMware Carbon Black App Control

VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The vulnerability, identified as CVE-2021-21998, is rated 9.4 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS).

https://www.vmware.com/security/advisories/VMSA-2021-0013.html

Community News

− Cyber Ireland TI Series: 8th Session: Threat Hunting and Playbooks

On the 30th June, Cyber Ireland hosted Ismael Valenzuela, Sr. Principal Engineer, and Carlos Diaz, Principal Engineer, at McAfee to talk to us about Threat Hunting and Playbooks. Carlos Diaz and Ismael Valenzuela, two seasoned blue teamers and part of McAfee’s technical leadership team, presented on the topic of ‘cyballistics’, and how it’s used in the real world to hunt and defend against adversaries that are already in your networks.

https://www.cyberireland.ie/ti-series-session-8-threat-hunting-and-playbooks/

--- TLP:WHITE ---