The Lighthouse IT Podcast: BONUS EPISODE - July 7th, 2021
Kaseya VSA Attack
On July 2, while many businesses had staff either already off or preparing for a long holiday weekend, an affiliate of the REvil ransomware group launched a widespread crypto-extortion gambit. Huntress found and tracked about 30 MSPs across the world where Kaseya VSA was used to encrypt around 1,500 (unconfirmed, might be more) businesses, and is working in collaboration with many of them. All of these VSA servers are on-premises. Huntress has confirmed that cybercriminals exploited an arbitrary file upload and code injection vulnerability, and has high confidence that an authentication bypass was used to gain access to these servers.
Check out a good overview of the attack here: READ MORE
You can also see Huntress' updates here for the more up-to-date technical news: READ MORE
Critical ‘PrintNightmare’ vulnerability
“We recommend that you install these updates immediately,” says Microsoft. “The security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as ‘PrintNightmare’, documented in CVE-2021-34527.”
After security researchers accidentally published proof-of-concept (PoC) exploit code, Microsoft issued out-of-band security updates to address the flaw and rated it as critical, as attackers can remotely execute code with system-level privileges on affected machines.
Microsoft is even patching Windows 7...