The security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.

General Advisory: New sophisticated email-based attack from NOBELIUM

Thursday, May 27, 2021

Microsoft has announced details of a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components.

On May 25, 2021, NOBELIUM used Constant Contact (a legitimate mass-mailing service) to distribute malicious URLs as part of a phishing attack.

Administrators are urged to use the resources below to understand the risks, apply mitigations, and scan for indicators of compromise (IOC).

Read the full details here:
Microsoft Blog: New sophisticated email-based attack from NOBELIUM
Microsoft Blog: Another Nobelium Cyberattack
Microsoft Blog: Breaking down NOBELIUM’s latest early-stage toolset

General Advisory: New Android Spyware Poses as a System Update

Saturday, March 27, 2021

New Android spyware is posing as a system update. Installing the “System Update” app through a third-party Android app store will infect the device with spyware. Infected Android devices can be fully compromised and remotely controlled, resulting in theft of data, messages, and images.

Android users are urged never to install an app called “System Update” and to follow the normal procedure for updating Android instead:
How to check & update your Android version

Read the full details here:
New Android malware spies on you while posing as a System Update

General Advisory: Microsoft Releases One-Click Mitigation Tool for Critical On-Premises Exchange Vulnerabilities

Monday, March 15, 2021

Microsoft has released a one-click mitigation tool as an interim mitigation for on-premises Exchange vulnerabilities. It’s designed to prevent attacks on servers that have not yet applied the on-premises Exchange security updates.

The on-premises Exchange vulnerabilities are being exploited in the wild at an alarming rate, causing CISA to issue an emergency directive on March 3rd, 2021.

Attackers can gain persistent system access and control of an enterprise network without authenticating, and are known to install malware on compromised systems.

Any on-premises Exchange servers should run the mitigation tool immediately to prevent exploitation of these vulnerabilities and then apply security updates as soon as possible.

Read the full details here:
One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021

General Advisory: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

Wednesday, March 3, 2021

CISA has issued an emergency directive after observing active exploitation of vulnerabilities in Microsoft Exchange on-premises products. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.

Neither the vulnerabilities nor the identified exploit activity is currently known to affect Microsoft 365 or Azure Cloud deployments.

Read the full details here:
Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

General Advisory: Massive increase in RDP attack attempts during 2020

Monday, February 8, 2021

Between Q1 and Q4 2020, ESET telemetry recorded a staggering 768% increase in RDP attack attempts.

Read the full details here:
ESET issues its Q4 2020 Threat Report recording a massive increase in RDP attack attempts since Q1

General Advisory: Heightened Cybersecurity Threats Amid COVID-19

Wednesday, December 30, 2020

The healthcare sector is experiencing a new increase in cyber risk due to resource constraints from COVID-19 and a transition to remote work environments.

Read the full CISA blog here:
Confronting heightened cybersecurity threats amid COVID-19

General Advisory: Enterprise VPN Security Considerations for Working Remotely

Friday, March 13, 2020

As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity.

Read the full details here:
CISA NCAS Alert: Enterprise VPN Security
