This new security feed is a resource for MSPs and IT professionals to stay up to date with the latest cybersecurity news and vulnerability alerts related to OS, browsers, VPN and RDP. Protect your business and your clients with security news as it comes.

VMware Patches Vulnerability in VMware ESXi and Cloud Foundation

Tuesday, July 13, 2021

VMware has patched a vulnerability in their VMware ESXi and Cloud Foundation products.

This vulnerability could be exploited by an attacker with network access to port 5989 to bypass SFCB authentication on an affected ESXi server.

Administrators should update immediately to avoid potential exploitation.

Read the full details here:
VMware ESXi updates address authentication and denial of service vulnerabilities

Solarwinds Patches Critical Vulnerability in Serv-U Managed File Transfer and Serv-U Secure FTP

Friday, July 9, 2021

Solarwinds has released updates to address a critical remote code execution (RCE) vulnerability in their “Serv-U Managed File Transfer” and “Serv-U Secure FTP” products.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to immediately log in to their customer portal and install the “Serv-U version 15.2.3 hotfix (HF) 2” update.

Important links:
Solarwinds Serv-U Security Advisory for Serv-U Remote Memory Escape Vulnerability
ZDNet: SolarWinds releases security advisory after Microsoft says customers ‘targeted’ through vulnerability

General Advisory: Guidance for Kaseya VSA Attack

Tuesday, July 6, 2021

While Splashtop has not been impacted, we know that organizations globally are concerned about the Kaseya VSA ransomware attack. Please note that new guidance is now available from Kaseya and they strongly suggest that you take the steps below to keep your systems secure.

System administrators are urged to immediately follow the recommendations listed in the articles below:
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
Kaseya Important Notice July 7th, 2021

Technical details about the ransomware attack are available here:
Kaseya Incident Overview & Technical Details
REvil ransomware attack against MSPs and its clients around the world

This attack impacts Kaseya customers using the on-premises version of Kaseya VSA. Kaseya has not found any evidence to suggest that SaaS customers were compromised.

Please note that there is no evidence to suggest that Splashtop or it’s customers were impacted by the recent attack on Kaseya. The Splashtop security team monitors and evaluates security risks and vulnerabilities reported in the industry and takes immediate action when warranted. Splashtop has taken multiple actions to protect Splashtop and our customers. We will continue to monitor our environment closely to ensure we take every precaution to keep our customers and their data safe and secure.

Microsoft Patches “PrintNightmare” Print Spooler RCE Vulnerability

Tuesday, July 6, 2021

Microsoft has released an out-of-band security update to fix a critical remote code execution vulnerability that exists in the Windows Print Spooler service dubbed “PrintNightmare”.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to disable the Print Spooler service and install the latest Windows updates as soon as possible.

Users should also update Windows as soon as possible to avoid potential exploitation.

Important links:
Out-of-Band (OOB) Security Update available for CVE-2021-34527
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
PrintNightmare Breakdown: Analysis and Remediation

General Advisory: Kaseya VSA Attack

Friday, July 2, 2021

Kaseya is investigating a potential ransomware attack affecting Kaseya VSA servers.

System administrators are urged to immediately shut down any Kaseya VSA servers until more details are released.

Important links:
Kaseya Important Notice July 2nd, 2021
Kaseya VSA Supply-Chain Ransomware Attack

Windows “PrintNightmare” Print Spooler RCE Vulnerability

Thursday, July 1, 2021

Microsoft has released details of a critical remote code execution vulnerability that exists in the Windows Print Spooler service dubbed “PrintNightmare”.

This vulnerability could be exploited by a remote attacker to take control of an affected system, and it is known to be exploited in the wild.

System administrators are urged to disable the Print Spooler service and install the June 2021 updates as soon as possible.

Important links:
Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Warns of Critical “PrintNightmare” Flaw Being Exploited in the Wild
CISA Offers New Mitigation for PrintNightmare Bug

Microsoft Edge Security Update Released (91.0.864.59)

Thursday, June 24, 2021

Microsoft Edge version 91.0.864.59 has been released. This update includes security fixes. Users should update as soon as possible to avoid potential exploitation.

Important links:
How to update Microsoft Edge web browser
Microsoft Edge Release Notes

VMware Patches Critical Vulnerability in Carbon Black App Control

Tuesday, June 22, 2021

VMware has patched a critical security vulnerability in Carbon Black App Control that could allow a remote attacker to take control of an affected system.

Administrators should update to version 8.6.2 immediately to avoid potential exploitation.

Read the full details here:
VMware Security Advisory VMSA-2021-0012