Security News > 2021 > June

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "best systems engineering content" the event "will no longer be scheduled as a standalone conference."

Expel for Microsoft alerts and responds to the Microsoft-specific vulnerabilities attackers typically exploit. On Thursday, managed detection and response provider Expel announced the launch of its Expel for Microsoft offering, which automatically analyzes and prioritizes alerts across a suite of Microsoft products including Active Directory, AD Identity Protection, Azure, Microsoft Cloud App Security, Microsoft Defender for Endpoint, Office 365 and Sentinel.

The recent ransomware attack on Colonial Pipeline inspired a threat actor to create a new phishing lure to trick victims into downloading malicious files. Threat actors did not lose much time after the Colonial Pipeline incident and used it as a theme in a new phishing campaign deployed a couple of weeks later.

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago. Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.

If a sloppy internet service stores your password in plaintext and then gets breached, the crooks acquire your actual password directly, regardless of how complex it is. Keylogging malware on your computer can capture your passwords as you type, thus obtaining them "at source", no matter how long or weird they might be.

What are the primary targets of ransomware attacks? While home users were traditionally targets of ransomware attacks, healthcare, schools and universities and the public sector are now targeted with increasing frequency. What are the most well-known ransomware attacks? Ransomware has been an active and ongoing malware threat since September 2013.

The memo, from deputy national security advisor for Cyber and Emerging Technology Anne Neuberger, said the private sector has a "critical responsibility" to protect their businesses against ransomware. "Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat."

Google has announced a new experimental Abuse Research Grants Program for abuse-related tactics and product issues outside the scope of existing Vulnerability Research Grants and the Vulnerability Reward Program. Grant amounts for the new Abuse Research Grants Program will vary from $500 up to $3,133.

Application and network performance management company NETSCOUT warned organizations this week that STUN servers have been increasingly abused for distributed denial-of-service attacks, and there are tens of thousands of servers that could be abused for such attacks by malicious actors. While the amplification rate is only 2.32 to 1, UDP reflection/amplification attacks abusing STUN services can be more difficult to mitigate without overblocking legitimate traffic.