This new security feed is a resource for MSPs and IT professionals to stay up to date on the latest cybersecurity news and vulnerability alerts affecting operating systems, browsers, VPNs, and RDP. Protect your business and your customers by following security news.

General Advisory: ManageEngine ADSelfService Plus Vulnerability

Thursday, September 16, 2021

ManageEngine has released an important security update for ADSelfService Plus to fix a Remote Code Execution (RCE) vulnerability being tracked as CVE-2021-40539.

This vulnerability is known to be exploited in the wild.

System administrators are urged to apply updates immediately to avoid potential exploitation.

Important links:
CISA Alert: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
ADSelfService Plus 6114 Security Fix Release Notes

General Advisory: Microsoft MSHTML Remote Code Execution Vulnerability

Tuesday, September 7, 2021

Microsoft has released details, mitigations, and workarounds for an MSHTML Remote Code Execution Vulnerability being tracked as CVE-2021-40444.

This vulnerability is known to be exploited in the wild, and it has not been patched with a Windows update as of 9/7/2021.

System administrators are urged to review the guidance and apply mitigations to avoid potential exploitation.

Important links:
CVE-2021-40444: Microsoft MSHTML Remote Code Execution Vulnerability

General Advisory: Risk Considerations For Managed Service Provider Customers

Thursday, September 2, 2021

Cybersecurity & Infrastructure Security Agency (CISA) has published “Risk Considerations For Managed Service Provider Customers”.

Read the full details here:
CISA: Risk Considerations For Managed Service Provider Customers

General Advisory: OpenSSL Releases Security Update

Tuesday, August 24, 2021

OpenSSL has released a security update with a fix for a high-priority vulnerability affecting versions 1.1.1k and below.

An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

System administrators are urged to review the security advisory and apply any available updates.

Important links:
OpenSSL Security Advisory

General Advisory: SonicWall Warns of “Imminent Ransomware Campaign” Targeting EOL Devices

Wednesday, July 14, 2021

SonicWall has posted an urgent security alert warning customers of “an imminent ransomware campaign” targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices running end-of-life (EOL) 8.x firmware.

The security alert explains that legacy devices affected by this advisory “are at imminent risk of a targeted ransomware attack.”

System administrators are urged to update to the latest 9.x or 10.x firmware versions or immediately disconnect the devices and reset passwords to avoid potential ransomware attacks.

Important links:
Sonicwall Urgent Security Notice: Critical Risk To Unpatched End-Of-Life SRA & SMA 8.X Remote Access Devices
SonicWall warns of ‘imminent ransomware campaign’ targeting its EOL equipment

General Advisory: Guidance for Kaseya VSA Attack

Tuesday, July 6, 2021

While Splashtop has not been impacted, we know that organizations globally are concerned about the Kaseya VSA ransomware attack. Please note that new guidance is now available from Kaseya and they strongly suggest that you take the steps below to keep your systems secure.

System administrators are urged to immediately follow the recommendations listed in the articles below:
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
Kaseya Important Notice July 7th, 2021

Technical details about the ransomware attack are available here:
Kaseya Incident Overview & Technical Details
REvil ransomware attack against MSPs and its clients around the world

This attack impacts Kaseya customers using the on-premises version of Kaseya VSA. Kaseya has not found any evidence to suggest that SaaS customers were compromised.

Please note that there is no evidence to suggest that Splashtop or its customers were impacted by the recent attack on Kaseya. The Splashtop security team monitors and evaluates security risks and vulnerabilities reported in the industry and takes immediate action when warranted. Splashtop has taken multiple actions to protect Splashtop and our customers. We will continue to monitor our environment closely to ensure we take every precaution to keep our customers and their data safe and secure.

General Advisory: Kaseya VSA Attack

Friday, July 2, 2021

Kaseya is investigating a potential ransomware attack affecting Kaseya VSA servers.

System administrators are urged to immediately shut down any Kaseya VSA servers until more details are released.

Important links:
Kaseya Important Notice July 2nd, 2021
Kaseya VSA Supply-Chain Ransomware Attack

General Advisory: Several Recent Ransomware Attacks

Sunday, June 6, 2021

Ransomware is a form of malware designed to encrypt files on a device to render them unusable until a ransom is paid for a decryption key. Ransom DDoS attacks involve overwhelming public servers with large volumes of traffic to bring them offline until a ransom is paid.

Several recent ransomware attacks have made headlines, including attacks on JBS (a global meat processor), Colonial Pipeline (a top US fuel pipeline), CNA Financial (a large US insurance company), and Bose (an audio electronics manufacturer).

Administrators are urged to review ransomware guidance, follow best practices for preventing ransomware attacks, ensure that data is backed up regularly, and create a continuity plan to follow in case a ransomware attack occurs.

Important resources:
CISA.gov Ransomware Guidance and Resources
CISA.gov Fact Sheet: Rising Ransomware Threat to Operational Technology Assets
FBI Ransomware Guidance

Important news:
Global meat processor JBS shuts part of operation to blunt cyberattack fallout
Three takeaways from the Colonial Pipeline attack
One of the US’s largest insurance companies reportedly paid $40 million to ransomware hackers
Bose Admits Ransomware Hit: Employee Data Accessed
Exchange Servers Targeted by ‘Epsilon Red’ Malware

General Advisory: New sophisticated email-based attack from NOBELIUM

Thursday, May 27, 2021

Microsoft has announced details of a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components.

On May 25, 2021, NOBELIUM used Constant Contact (a legitimate mass-mailing service) to distribute malicious URLs as part of a phishing attack.

Administrators are urged to use the resources below to understand the risks, apply mitigations, and scan for indicators of compromise (IOC).

Read the full details here:
Microsoft Blog: New sophisticated email-based attack from NOBELIUM
Microsoft Blog: Another Nobelium Cyberattack
Microsoft Blog: Breaking down NOBELIUM’s latest early-stage toolset

General Advisory: New Android Spyware Poses as a System Update

Saturday, March 27, 2021

New Android spyware is posing as a system update. Installing the “System Update” app through a third-party Android app store will infect Android with spyware. Infected Android devices can be fully compromised and remotely controlled, resulting in theft of data, messages, and images.

Android users are urged to never install an app called “System Update” and follow the normal procedure for updating Android instead:
How to check & update your Android version

Read the full details here:
New Android malware spies on you while posing as a System Update
