This new security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.

General Advisory: SonicWall Warns of “Imminent Ransomware Campaign” Targeting EOL Devices

Wednesday, July 14, 2021

SonicWall has posted an urgent security alert warning customers of “an imminent ransomware campaign” targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices running end-of-life (EOL) 8.x firmware.

The security alert explains that legacy devices affected by this advisory “are at imminent risk of a targeted ransomware attack.”

System administrators are urged to update to the latest 9.x or 10.x firmware versions or immediately disconnect the devices and reset passwords to avoid potential ransomware attacks.

Important links:
Sonicwall Urgent Security Notice: Critical Risk To Unpatched End-Of-Life SRA & SMA 8.X Remote Access Devices
SonicWall warns of ‘imminent ransomware campaign’ targeting its EOL equipment

General Advisory: Guidance for Kaseya VSA Attack

Tuesday, July 6, 2021

While Splashtop has not been impacted, we know that organizations globally are concerned about the Kaseya VSA ransomware attack. Please note that new guidance is now available from Kaseya and they strongly suggest that you take the steps below to keep your systems secure.

System administrators are urged to immediately follow the recommendations listed in the articles below:
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
Kaseya Important Notice July 7th, 2021

Technical details about the ransomware attack are available here:
Kaseya Incident Overview & Technical Details
REvil ransomware attack against MSPs and its clients around the world

This attack impacts Kaseya customers using the on-premises version of Kaseya VSA. Kaseya has not found any evidence to suggest that SaaS customers were compromised.

Please note that there is no evidence to suggest that Splashtop or its customers were impacted by the recent attack on Kaseya. The Splashtop security team monitors and evaluates security risks and vulnerabilities reported in the industry and takes immediate action when warranted. Splashtop has taken multiple actions to protect Splashtop and our customers. We will continue to monitor our environment closely to ensure we take every precaution to keep our customers and their data safe and secure.

General Advisory: Kaseya VSA Attack

Friday, July 2, 2021

Kaseya is investigating a potential ransomware attack affecting Kaseya VSA servers.

System administrators are urged to immediately shut down any Kaseya VSA servers until more details are released.

Important links:
Kaseya Important Notice July 2nd, 2021
Kaseya VSA Supply-Chain Ransomware Attack

General Advisory: Several Recent Ransomware Attacks

Sunday, June 6, 2021

Ransomware is a form of malware designed to encrypt files on a device to render them unusable until a ransom is paid for a decryption key. Ransom DDoS attacks involve overwhelming public servers with large volumes of traffic to bring them offline until a ransom is paid.

Several recent ransomware attacks have made headlines, including attacks on JBS (a global meat processor), Colonial Pipeline (a top US fuel pipeline), CNA Financial (a large US insurance company), and Bose (an audio electronics manufacturer).

Administrators are urged to review ransomware guidance, follow best practices for preventing ransomware attacks, ensure that data is backed up regularly, and create a continuity plan to follow in case a ransomware attack occurs.

Important resources:
CISA.gov Ransomware Guidance and Resources
CISA.gov Fact Sheet: Rising Ransomware Threat to Operational Technology Assets
FBI Ransomware Guidance

Important news:
Global meat processor JBS shuts part of operation to blunt cyberattack fallout
Three takeaways from the Colonial Pipeline attack
One of the US’s largest insurance companies reportedly paid $40 million to ransomware hackers
Bose Admits Ransomware Hit: Employee Data Accessed
Exchange Servers Targeted by ‘Epsilon Red’ Malware

General Advisory: New sophisticated email-based attack from NOBELIUM

Thursday, May 27, 2021

Microsoft has announced details of a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components.

On May 25, 2021, NOBELIUM used Constant Contact (a legitimate mass-mailing service), to distribute malicious URLs as part of a phishing attack.

Administrators are urged to use the resources below to understand the risks, apply mitigations, and scan for indicators of compromise (IOC).

Read the full details here:
Microsoft Blog: New sophisticated email-based attack from NOBELIUM
Microsoft Blog: Another Nobelium Cyberattack
Microsoft Blog: Breaking down NOBELIUM’s latest early-stage toolset

General Advisory: New Android Spyware Poses as a System Update

Saturday, March 27, 2021

New Android spyware is posing as a system update. Installing the “System Update” app from a third-party Android app store infects the device with spyware. Infected Android devices can be fully compromised and remotely controlled, resulting in theft of data, messages, and images.

Android users are urged to never install an app called “System Update” and follow the normal procedure for updating Android instead:
How to check & update your Android version

Read the full details here:
New Android malware spies on you while posing as a System Update

General Advisory: Microsoft Releases One-Click Mitigation Tool for Critical On-Premises Exchange Vulnerabilities

Monday, March 15, 2021

Microsoft has released a one-click mitigation tool as an interim mitigation for the on-premises Exchange vulnerabilities. It is designed to protect servers that have not yet applied the on-premises Exchange security updates.

The on-premises Exchange vulnerabilities are being exploited in the wild at an alarming rate, which led CISA to issue an emergency directive on March 3rd, 2021.

Attackers can gain persistent system access and control of an enterprise network without authenticating, and are known to install malware on compromised systems.

Administrators of any on-premises Exchange servers should run the mitigation tool immediately to prevent exploitation of these vulnerabilities and then apply the security updates as soon as possible.

Read the full details here:
One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021

General Advisory: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

Wednesday, March 3, 2021

CISA has issued an emergency directive after observing active exploitation of vulnerabilities in Microsoft Exchange on-premises products. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.

Neither the vulnerabilities nor the identified exploit activity is currently known to affect Microsoft 365 or Azure Cloud deployments.

Read the full details here:
Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

General Advisory: Massive increase in RDP attack attempts during 2020

Monday, February 8, 2021

Between Q1 and Q4 2020, ESET telemetry recorded a staggering 768% increase in RDP attack attempts.

Read the full details here:
ESET issues its Q4 2020 Threat Report recording a massive increase in RDP attack attempts since Q1

General Advisory: Heightened Cybersecurity Threats Amid COVID-19

Wednesday, December 30, 2020

The healthcare sector is experiencing a new increase in cyber risk due to resource constraints from COVID-19 and a transition to remote work environments.

Read the full CISA blog here:
Confronting heightened cybersecurity threats amid COVID-19