yaracroft @venom@nanao.cybtex.fr

#France - Baromètre sur les fuites de données 2020 - #databreach #ransowmare #cyber

https://www.forum-fic.com/Data/DO/tgBloc/29904/fr/params/file/BAROMETRE-DATA-BREACH-VDEF.pdf

It was probably inevitable that the two dominant #cybersecurity threats of the day - #supply #chain attacks and ransomware would combine to wreak havoc.
« This is SolarWinds, but with ransomware » (Brett Callow, Threat Analyst at Emsisoft )
Attackers have been able to distribute their #malware bundle to MSPs, which includes the #ransomware itself as well as a copy of #Windows Defender and an expired but legitimately signed certificate that has not yet been revoked. #wormable

https://www.wired.com/story/kaseya-supply-chain-ransomware-attack-msps/

CVE-2021-1675 (PrintNightmare) : RCE in Windows Spooler Service

https://github.com/afwu/PrintNightmare

Michigan Public School District's #ransomware attack results in it and phone systems disruption - FBI assisting Monroe schools in #cyber attack

https://eu.monroenews.com/story/news/2021/07/02/fbi-assisting-monroe-schools-cyber-attack/7826874002/

QSure, a big player in South Africa's #insurance #industry, has been hit by a #databreach in which bank account numbers and other sensitive information were compromised by a third party.

https://techcentral.co.za/data-breach-hits-major-south-african-insurance-player/108637/

#Cyber reinsurance rates are skyrocketing due to a spate of devastating #ransomware attacks on major companies

https://www.reuters.com/technology/cyber-reinsurance-rates-rocket-july-renewals-willis-re-2021-07-01/

Pure PowerShell implementation of CVE-2021-1675 (PrintNightmare) Print Spooler Local Privilege Escalation

https://github.com/calebstewart/CVE-2021-1675

CVE-2021-3520 : There is a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an 💥 out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. #informatique

https://github.com/lz4/lz4/pull/972

A new #Windows ransomware family : Diavol

• Wizard Spider is a financially motivated criminal group
• Wizard Spider is conducting #ransomware campaigns since at least 2018
• Wizard Spider is reportedly associated with Grim Spider & Lunar Spider
• Wizard Spider is the Russia-based operator of the #TrickBot banking #malware

https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider

Multiples vulnérabilités dans Zimbra 9.0.x versions antérieures à 9.0.0

• CVE-2021-34807
• CVE-2021-35209
• CVE-2021-35208
• CVE-2021-35207

https://blog.zimbra.com/2021/06/new-zimbra-patches-9-0-0-patch-16-and-8-8-15-patch-23/

200 businesses have been hit by #ransomware attacks following an incident at #US IT firm Kaseya in Miami #REvil

https://www.reuters.com/technology/200-businesses-hit-by-ransomware-following-incident-us-it-firm-huntress-labs-2021-07-02

#supply #chain attack : #REvil ransomware gang appears to have gained access to the infrastructure of Kaseya, a provider of remote #management #solutions, and is using a malicious #update for the VSA #software to deploy ransomware on #enterprise #networks. The malicious Kaseya update is reaching VSA on-premise servers, from where, using the internal scripting engine, the #ransomware is deployed to all connected client systems. This incident, believed to have impacted thousands of companies across the world.

https://therecord.media/revil-ransomware-executes-supply-chain-attack-via-malicious-kaseya-update/

A new #DDoS #botnet « Mirai_ptea » is spreading using a KGUARD DVR #exploit and launching attacks against various targets #ptea

https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/