This new security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.

General Advisory: SonicWall Warns of “Imminent Ransomware Campaign” Targeting EOL Devices

Wednesday, July 14, 2021

SonicWall has posted an urgent security alert warning customers of “an imminent ransomware campaign” targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices running end-of-life (EOL) 8.x firmware.

The security alert explains that legacy devices affected by this advisory “are at imminent risk of a targeted ransomware attack.”

System administrators are urged to update to the latest 9.x or 10.x firmware versions or immediately disconnect the devices and reset passwords to avoid potential ransomware attacks.

Important links:
SonicWall Urgent Security Notice: Critical Risk To Unpatched End-Of-Life SRA & SMA 8.X Remote Access Devices
SonicWall warns of ‘imminent ransomware campaign’ targeting its EOL equipment

VMware Patches Vulnerability in VMware ESXi and Cloud Foundation

Tuesday, July 13, 2021

VMware has patched a vulnerability in its VMware ESXi and Cloud Foundation products.

This vulnerability could be exploited by an attacker with network access to port 5989 to bypass SFCB authentication on an affected ESXi server.

Administrators should update immediately to avoid potential exploitation.

Read the full details here:
VMware ESXi updates address authentication and denial of service vulnerabilities

SolarWinds Patches Critical Vulnerability in Serv-U Managed File Transfer and Serv-U Secure FTP

Friday, July 9, 2021

SolarWinds has released updates to address a critical remote code execution (RCE) vulnerability in its “Serv-U Managed File Transfer” and “Serv-U Secure FTP” products.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to immediately log in to their customer portal and install the “Serv-U version 15.2.3 hotfix (HF) 2” update.

Important links:
SolarWinds Serv-U Security Advisory for Serv-U Remote Memory Escape Vulnerability
ZDNet: SolarWinds releases security advisory after Microsoft says customers ‘targeted’ through vulnerability

Microsoft Patches “PrintNightmare” Print Spooler RCE Vulnerability

Tuesday, July 6, 2021

Microsoft has released an out-of-band security update to fix a critical remote code execution vulnerability in the Windows Print Spooler service, dubbed “PrintNightmare”.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to disable the Print Spooler service and install the latest Windows updates as soon as possible.

Users should also update Windows as soon as possible to avoid potential exploitation.

Important links:
Out-of-Band (OOB) Security Update available for CVE-2021-34527
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
PrintNightmare Breakdown: Analysis and Remediation

Windows “PrintNightmare” Print Spooler RCE Vulnerability

Thursday, July 1, 2021

Microsoft has released details of a critical remote code execution vulnerability in the Windows Print Spooler service, dubbed “PrintNightmare”.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to disable the Print Spooler service and install the June 2021 updates as soon as possible.

Important links:
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
CISA Offers New Mitigation for PrintNightmare Bug

VMware Patches Critical Vulnerability in Carbon Black App Control

Tuesday, June 22, 2021

VMware has patched a critical security vulnerability in Carbon Black App Control that could allow a remote attacker to take control of an affected system.

Administrators should update to version 8.6.2 immediately to avoid potential exploitation.

Read the full details here:
VMware Security Advisory VMSA-2021-0012

Cisco Patches Vulnerabilities in Multiple Products (June 2021)

Thursday, June 17, 2021

Cisco has released software updates to fix high priority vulnerabilities in multiple products.

Attackers could exploit these vulnerabilities to take control of an affected system.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
US NCAS: Cisco Releases Security Updates for Multiple Products
Cisco Security Advisories

Windows Security Updates Released (June 2021)

Tuesday, June 8, 2021

Microsoft has released June 2021 security updates for Windows 10/8/7, Windows Server 2016/2012/2008, and SharePoint Server 2019/2016/2013.

These updates include 33 security fixes, including 5 fixes for critical security issues. Users should update as soon as possible to avoid potential exploitation.

System administrators should update servers as soon as possible to avoid potential exploitation.

Important links:
How to update Windows
June 2021 Security Updates (Release Notes)

MTA Systems in NYC Hacked Using Pulse Secure VPN Vulnerability

Thursday, June 3, 2021

Metropolitan Transportation Authority (MTA) systems in New York City were hacked using a vulnerability in Pulse Secure VPN. The hackers did not gain access to systems that control trains, and the personal data of riders was not compromised.

Other news reports state that 16 malware families from China are being used to infect Pulse Secure VPN appliances.

System administrators are urged to follow the “Forensics, Remediation, and Hardening Guidelines” in this article:
FireEye Blog: Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

Important news:
Chinese hackers used Pulse Secure zero day vulnerability to infiltrate MTA systems
CISA-FireEye: 16 malware families from China infect Pulse Secure VPN appliances

Cisco Patches Lasso SAML Implementation Vulnerability Affecting Cisco Products

Tuesday, June 1, 2021

Cisco has released software updates to apply fixes for a vulnerability in the Lasso SSO library.

Authenticated attackers could exploit this vulnerability to impersonate another user.

Administrators should apply updates immediately to avoid potential exploitation.

Important links:
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021