The Weekly Rundown is a new feature summarising the most prominent stories of the week in the world of Cybersecurity, Privacy and Technology in an easy-to-follow, brief format.
In the week where sports fans looked to the finals of both EURO 2020 and Wimbledon, equally big events occurred in the tech sphere too. From the critical PrintNightmare vulnerability to the prolonged coverage of the Kaseya ransomware attack, there is lots to get through.
PrintNightmare patched: but still a bad dream
What happened: Security researchers prematurely published proof-of-concept exploit code for a vulnerability in the Windows Print Spooler, mistakenly thinking it was already patched after confusing it with a very similar, but distinct, Windows Print Spooler vulnerability.
Who was affected: Essentially anyone with a Windows device. All Windows versions were affected, although machines acting as domain controllers were a particular concern.
Why it matters: The vulnerability allowed for remote code execution. This has since been patched but local attacks remain possible.
What now: The key is to ensure all machines are patched ASAP. Even so, devices should have the print spooler disabled if they are never to be used for printing.
Where can I read more? Check out the article here.
Kaseya Ransomware Attack: Targeted phishing attacks begin
What happened: Kaseya, a company that provides IT management software globally, was hit by a ransomware attack from REvil, the group also responsible for an earlier attack on JBS, the American meat producer.
Who was affected: Kaseya, its customers, and customers-of-customers were affected in this large-scale supply chain attack. Potentially over 1000 businesses that use Kaseya in their supply chain were affected. Swedish supermarket chain Coop had to close over 500 of its stores.
Why it matters: Attackers that can successfully perform large supply chain attacks have the potential to cause damage both directly and indirectly to businesses and customers.
What now: Kaseya reports that spammers are taking advantage of the event to send out fake emails posing as Kaseya updates. As per Kaseya’s official announcements, the effects of the attack are ongoing a week after news emerged.
Where can I read more? Check out the article here.
NSW Department of Education attacked
The New South Wales Department of Education revealed it was hit by a cyber attack on Thursday.
What happened: The Department of Education in the Australian region deactivated a number of systems as a precaution. The attack came as preparations were being made for the start of the third academic term of the year.
Who was affected: It is said that the effect on students and parents remains minimal. Many students are learning at home due to a 3-week lockdown imposed to curb the spread of COVID-19 in the area. Work is being carried out to ensure learning is not disrupted and that student data is secure.
Why it matters: Whilst all attacks are troubling, targeting education is particularly evil. The effects of the pandemic have been severe for students and staff – a cyber attack is not helpful. But it shows that the importance of good security applies everywhere.
What now: The matter is under investigation.
Where can I read more? Please read this ZDNet article for more details.
Apps from Google Play harvested Facebook credentials
Nine malicious apps reportedly collected the Facebook credentials of unsuspecting users, according to analysts.
What happened: Apps appearing to provide legitimate functionality, such as cache cleaners and horoscope readings, asked users to log in with Facebook to access the full features of the app. At this point, usernames and passwords were collected.
Who was affected: In total, the apps were downloaded over 5 million times.
Why it matters: The collected details could be used in credential stuffing attacks to further compromise user data.
What now: If you have any of the detected apps installed, uninstall them immediately and change your Facebook password. In the future, use extra caution when downloading apps – even official app stores can host malicious software.
Where can I read more? You can read an article here on Cyware (via Hacker News), and the analysts' report here.