Security News > 2021 > June

IBM Corp. on Wednesday announced that it is contributing the Kestrel open-source programming language for threat hunting to the Open Cybersecurity Alliance. The Kestrel threat hunting tool helps Security Operations Center analysts and other cybersecurity professionals streamline threat discovery.

Facebook has filed lawsuits against two groups of suspects who took over advertising agency employees' accounts and abused its ad platform to run unauthorized or deceptive ads. The social network says that four Vietnamese nationals took over the Facebook accounts of multiple employees working at marketing and advertising agencies using a technique known as session theft.

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. In a SOC measuring analyst activity with MTTR can drive the wrong behavior.

The company is also planning to offer a trade-in program to get customers onto the cloud - specifically, onto a supported My Cloud device - and off of old My Book Live and My Book Live Duo devices, an indeterminate number of which were remotely eviscerated in an attack that exploited what turns out to have been a zero-day vulnerability. Besides the unauthenticated factory-reset operation, Western Digital said that the firmware for My Book Live is also vulnerable to a remotely exploitable command-injection vulnerability when the device has remote access enabled.

UPDATE. A proof-of-concept for a critical Windows security vulnerability that allows remote code execution was dropped on GitHub on Tuesday - and while it was taken back down within a few hours, the code was copied and is still out there circulating on the platform. The bug exists in the Windows Print Spooler and has been dubbed "PrintNightmare" by researchers.

An infosec firm accidentally published a proof-of-concept exploit for a critical Windows print spooler vulnerability that can be abused by rogue users to compromise Active Directory domain controllers. This security hole could be exploited by a normal user to execute code as an administrator on a system running the print spooler service.

Trend Micro on Wednesday released a new report describing the threats affecting industrial control system endpoints in 2020. The highest number of organizations that had their industrial systems hit by ransomware was seen by the cybersecurity firm in the United States, far more than in any other country.

A televised phone-in with Russian President Vladimir Putin Wednesday was targeted by "Powerful" cyberattacks, the state-run Rossiya 24 network which broadcast the event said. Shown on Kremlin-friendly media, the annual session with Putin sees the president field in real time queries submitted by Russians throughout the country.

Windows network administrators are scrambling to contain the fallout from the release of proof-of-concept code for a nasty Windows Print Spooler vulnerability that exposes Windows servers to remote code execution attacks. Multiple threat hunters are reporting that published demo exploit code provides a code execution path on fully patched Windows servers, meaning that Microsoft's June patch may have missed the mark.

A British script kiddie who DDoS'd a Labour Party parliamentary candidate's website in the runup to the last general election has been banned from using the Tor browser. Bradley Niblock, formerly the operator of the UGLegion Twitter account, pleaded guilty to two Computer Misuse Act crimes after being tracked down by Cumbria Police.