Cyber Hero Weekly 7/1/2021 - 7/8/2021

Copy of Learn More (1)-2

The ThreatLocker team provides the latest stories to keep you and your customers updated on ransomware and other malicious cybersecurity threats. Here's what's new this week:

Updates on the Kaseya Ransomware Attack

Following last week’s supply chain ransomware attack, Kaseya has noted in a press release that they have received no new reports of compromises since Saturday, July 3rd. They are still urging all customers to keep VSA servers offline until it is safe to proceed with restoration efforts. The press release also says that no other Kaseya products were compromised, however, there have been reports of spam campaigns targeting victims to deliver second-stage malware payloads.

Earlier this week, the ThreatLocker team hosted a live webinar to discuss the attack. The recording is now available.

Watch Now

City and State Cybersecurity Officials Urged to Act on the Ransomware Threat

The White House is now urging US city mayors to collaborate with state officials in updating their cybersecurity plans, as ransomware attacks continue to impact government operations on a local level.

Anne Neuberger, the deputy National Security Advisor for Cyber and Emerging Technology, highlighted the "Improving the Nation's Cybersecurity" Executive Order while speaking at the US Conference of Mayors and said the FBI, as well as CISA, are helping cities to develop policies to combat ransomware attacks.

The push for updates in cybersecurity posture comes as attacks against government infrastructure have become more frequent. Multiple cities, including Tulsa, Atlanta, New Orleans, Baltimore, and others, have been targeted by threat actors in recent months. Not only can personal data be targeted in these attacks, but critical infrastructure like electric, gas, water treatment, and chemical plants are frequent targets that can have a significant social impact.

Read more

Microsoft’s Emergency PrintNightmare Patch Fails to Fix the Vulnerability

PrintNightmare is a recently identified vulnerability in the Windows Print Spooler service that allows rogue users to perform local privilege escalation and remote code execution.

Microsoft released a patch this week to fix the vulnerability. After the update was released, security researchers found that while the patch fixed the remote code execution component of the vulnerability, the local privilege escalation component was still exploitable to bypass the patch entirely. Print Spooler should remain disabled until a working patch is released.

By default, ThreatLocker stops the Print Spooler exploit from running, as ThreatLocker blocks the execution of all unapproved files or applications. We have released information and policy guidance on this exploit.

Read More

Where is ThreatLocker Headed Next?

Check out these virtual and live events ThreatLocker will be attending!

 

Recent Posts