One Article Review

Home - The article:
Source Kovrr
Identifier 8393605
Publication date 2021-07-27 00:00:00 (viewed: 2023-10-10 07:25:35)
Title A Summer of Exploits: a summary of ransomware exploits that took place in the summer of 2021
Text Over the past few weeks, several dramatic vulnerabilities were exposed in different ubiquitous products and platforms, including the Microsoft Windows OS, the SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP products, and Kaseya's services.

References:
1. Print Nightmare
2. Print Nightmare Update
3. Kaseya's Clients Important Notice
4. CISA's public alert
5. Reuters article about data ransom
6. Microsoft's emergency patch fails
7. SolarWinds zero-day vulnerability
8. SolarWinds alerted by Microsoft
9. Kaseya restores services

Summary of the Events

Kaseya
What happened? On July 2nd, a cyber attack was launched against the IT solutions company Kaseya. Kaseya provides IT solutions including VSA, a unified remote monitoring and management tool for handling networks and endpoints. In addition, the company provides compliance systems, service desks, and a professional services automation platform to over 40,000 organizations worldwide.
The cyberattack has been attributed to the REvil/Sodinokibi ransomware group, whose ransomware was first detected in April 2019. The group's usual propagation method is phishing emails containing malicious links. Some of the group's most prominent victim industries in the last two years were healthcare facilities and local governments. REvil has offered a decryption key, allegedly universal (able to unlock all encrypted systems), for the 'bargain' price of $70 million in bitcoin (BTC) cryptocurrency. On July 13th, all of REvil's online activity stopped and the group's data-dump websites were shut down without further information, leaving the victims of their latest attacks hostage with encrypted files and no valid payment address or decryption keys.
Who was impacted? On July 2nd, Kaseya claimed that the attack affected only a small number of on-premise clients. In a press release published on July 5th, the company estimated that the number of clients impacted by the attack is between 800 and 1500 businesses.

PrintNightmare
What happened? On June 8th, Microsoft published a CVE advisory for a vulnerability in the Windows Print Spooler service, which is enabled by default in all Windows clients and servers across almost all modern Windows versions. This vulnerability was initially categorized by Microsoft as a low-severity local privilege escalation (LPE) vulnerability, and a patch for it was released on June 21st. A week later, researchers published a successful PoC of the exploitation and claimed that the vulnerability is in fact a high-severity RCE and PE vulnerability. On July 1st, a separate vulnerability in the same Windows Print Spooler service was discovered. Similar to the first vulnerability, this new "PrintNightmare" was also an RCE and LPE vulnerability that would allow attackers system privileges with which they could install programs; view, change, or delete data; or create new accounts with full user rights.
After the high severity of the vulnerability was acknowledged, Microsoft published an out-of-band patch on July 6th and claimed to have fully addressed the public vulnerability. However, on July 7th researchers presented additional successful PoCs and claimed that the patch can be bypassed.
Who was impacted? This vulnerability affects all modern unpatched client and server versions of Windows. According to Kaspersky, the vulnerability was already exploited, but no further information regarding victims is currently available.

SolarWinds
What happened? On July 9th, SolarWinds published an announcement claiming that they were informed by Microsoft of an exploited zero-day vulnerability in their Serv-U Managed File Transfer and Serv-U Secure FTP products. On July 10th, SolarWinds released a patch to fix the vulnerability and claimed that this event is unrelated to the SolarWinds supply chain attack that occurred in December 2020. The vulnerability allows an attacker to run arbitrary code with privileges, and then install programs; view, change, or delete data; or
Sent Yes
Tags Ransomware Tool Vulnerability Studies
Stories
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.