CISA releases new ransomware self-assessment security audit tool
2021-06-30 20:26

The US Cybersecurity and Infrastructure Security Agency has released the Ransomware Readiness Assessment, a new module for its Cyber Security Evaluation Tool. RRA is a security audit self-assessment tool for organizations that want to understand better how well they are equipped to defend against and recover from ransomware attacks targeting their information technology, operational technology, or industrial control system assets.

Colombian police arrest Gozi malware suspect after 8 years at large
2021-06-30 20:19

The troika was wanted for allegedly operating a bank-raiding crimeware "service" known as Gozi, based on zombie malware that used a technique known as HTML injection to trick victims into revealing personal information relating to their on-line banking. But if you can plant malware on the victim's PC, you can use what's known as an MiTB attack, or "Manipulator in the browser".

Indexsinas SMB Worm Campaign Infests Whole Enterprises
2021-06-30 20:19

The Indexsinas SMB worm is on the hunt for vulnerable environments to self-propagate into, researchers warned - with a particular focus on the healthcare, hospitality, education and telecommunications sectors. Since 2019, Indexsinas has used a large infrastructure made up of more than 1,300 devices acting as attack sources, with each device responsible for only a few attack incidents.

Windows 11 makes TPM Diagnostics tool its first optional feature
2021-06-30 19:43

Windows 11 comes with a new optional feature called 'TPM Diagnostics' that allows administrators to query the data stored on a device's TPM security processor. "TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. In addition, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices."

International law enforcement op nukes Russian-language DoubleVPN service allegedly favoured by cybercriminals
2021-06-30 19:01

Europol, the US Department of Justice, and Britain's National Crime Agency have taken down a VPN service they claimed was mainly used by criminals - boasting that they hoovered up "personal information, logs and statistics" from the site. The DoubleVPN site went dark yesterday after law enforcement agencies swooped on its servers, with a joint public statement this afternoon confirming that the takedown was genuine.

Police warn of WhatsApp scams in time for Social Media Day
2021-06-30 18:55

We have seen a surge in WhatsApp accounts being hacked, if you are sent a text from WhatsApp with a code on it, don't share the code with ANYONE no matter who's asking, or the reason why. We've discussed this scam before on the Naked Security podcast, because it's a good reminder of how cybercriminals use one hijacked social media account to target others.

Microsoft finds Netgear router bugs enabling corporate breaches
2021-06-30 18:14

Attackers could use critical firmware vulnerabilities discovered by Microsoft in some NETGEAR router models as a stepping stone to move laterally within enterprise networks. They allow unauthenticated attackers to access unpatched routers' management pages via authentication bypass, gain access to secrets stored on the device, and derive saved router credentials using a cryptographic side-channel attack.

Cyber investments are growing, but not enough
2021-06-30 17:50

By contrast, 22% are making "adequate" investments in tech, 28% in governance and process and 27% in people, according to the report. Staying "on pace" with business transformations isn't enough to make that commitment happen, the report said.

Microsoft faces up to an old foe with out-of-band patch for PDF weirdness
2021-06-30 17:30

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "best systems engineering content" the event "will no longer be scheduled as a standalone conference."

Public Windows PrintNightmare 0-day exploit allows domain takeover
2021-06-30 17:20

Update: Microsoft acknowledged PrintNightmare as a zero-day that has been affecting all Windows versions since before June 2021 security updates. Technical details and a proof-of-concept exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that allows remote code execution.