Latest News Articles



--- TLP:WHITE ---

News

− Swedish Coop supermarkets shut due to US ransomware cyber-attack

l33tdawg, Mon, 07/05/2021 - 00:26

https://news.hitb.org/content/swedish-coop-supermarkets-shut-due-us-ransomware-cyber-attack

− New Ransomware 'Diavol' Linked to Notorious Cybercrime Gang

Wizard Spider, the notorious cybercrime gang that operated the TrickBot botnet and the Ryuk and Conti

https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider

− US and UK Cybersecurity Agencies Blame APT28 Gang for Massive Cyberattacks

Russian cybercriminal organization APT28 has been accused of multiple significant brute force attacks by the UK and US cybersecurity agencies in a joint statement, according to Security Affairs. Authorities discovered cybercriminal activities between the middle of 2019 and the beginning of 2021 that targeted many government organizations and enterprises around the world, including energy firms, think tanks, and defense contractors.

https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF

Vulnerabilities

− Microsoft Windows Print Spooler allows for RCE

The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.

https://kb.cert.org/vuls/id/383432

− Microsoft Windows Print Spooler RCE Vulnerability - CVE-2021-34527

CSIRT-IE strongly recommends that all organisations examine the Security Update Guide from Microsoft and apply appropriate mitigations where necessary. This advisory will be updated as additional information becomes available.

https://www.ncsc.gov.ie/pdfs/MS_printspooler_090721-UPDATE.pdf

− Clarified Guidance for CVE-2021-34527 Windows Print Spooler Vulnerability

On Tuesday July 6, 2021, Microsoft issued CVE-2021-34527 regarding a Windows Print Spooler vulnerability. Updates were released on July 6 and 7 which addressed the vulnerability for all supported Windows versions. Following the out of band release (OOB) we investigated claims regarding the effectiveness of the security update and questions around the suggested mitigations.

https://msrc-blog.microsoft.com/2021/07/08/clarified-guidance-for-cve-2021-34527-windows-print-spooler-vulnerability/

− CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack

CISA and the Federal Bureau of Investigation (FBI) continue to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. CSIRT-IE constituents should confirm any exposure to this risk with their managed service provider.

https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa

− Cisco Releases Security Updates for Multiple Products

CSIRT-IE encourages constituents to assess the following Cisco advisories and apply the necessary updates:

Cisco Web Security Appliance Privilege Escalation Vulnerability (cisco-sa-scr-web-priv-esc-k3HCGJZ)

Cisco Business Process Automation Privilege Escalation Vulnerabilities (cisco-sa-bpa-priv-esc-dgubwbH4)

Community News

− Lero Researchers Create Tool to Assess Cyber Risk

A new cyber risk tool, created by researchers at Lero, the Science Foundation Ireland (SFI) Research Centre for Software, enables large organisations to identify, assess and mitigate cyber risks, and enable insurance companies to design appropriate insurance products.

https://irishtechnews.ie/lero-researchers-create-tool-to-assess-cyber-risk/

--- TLP:WHITE ---