Security News

CISA says multiple threat actors are exploiting the Windows 'PrintNightmare' vulnerability. The United States Cybersecurity and Infrastructure Security Agency on Tuesday issued Emergency Directive 21-04, which requires all federal agencies to apply the available patches for the recently disclosed Microsoft Print Spooler service vulnerability within one week.

A new emergency directive issued by the Cybersecurity and Infrastructure Security Agency orders federal agencies to mitigate the actively exploited Window Print Spooler vulnerability on their networks. CISA issued the Emergency Directive 21-04 after Microsoft released security updates on Friday to address the vulnerability dubbed PrintNightmare in all supported Windows versions.

Jen Easterly, former NSA official and Morgan Stanley vet, will take up the lead at CISA as the ransomware scourge rages on. The U.S. has made a key move to shore up its cybersecurity strategy, with the confirmation of Jen Easterly as the director of the Cybersecurity and Infrastructure Security Agency on Monday.

The United States Cybersecurity and Infrastructure Security Agency has published the results of the Risk and Vulnerability Assessments it conducted in fiscal year 2020, revealing some of the security weaknesses that impact government and critical infrastructure organizations. CISA conducted a total of 37 RVAs, leveraging the MITRE ATT&CK framework to provide a better understanding of risks and help organizations remediate weaknesses that threat actors might abuse in live attacks to compromise network security controls.

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday published an advisory to inform organizations about a total of 15 vulnerabilities affecting Philips Vue healthcare products. The flaws, many of which exist in third-party components, affect several Philips Clinical Collaboration Platform Portal products, including MyVue, Vue Speech and Vue Motion, CISA said.

The REvil cybergang is taking credit for Friday's massive ransomware attack against managed service provider Kaseya Ltd. The criminals behind the attack claim it infected 1 million systems tied to Kaseya services and are demanding $70 million in bitcoin in exchange for a decryption key. The attack is considered the single biggest global ransomware attack on record.

CISA and the Federal Bureau of Investigation have shared guidance for managed service providers and their customers impacted by the REvil supply-chain ransomware attack that hit the systems of Kaseya's cloud-based MSP platform. The two federal agencies advise MSPs affected by the Friday REvil attack to further check their systems for signs of compromise using a detection tool provided by Kaseya over the weekend and enable multi-factor authentication on as many accounts as possible.

The U.S. government has stepped in to offer a mitigation for a critical remote code execution vulnerability in the Windows Print Spooler service that may not have been fully patched by Microsoft's initial effort to fix it. In the meantime, Microsoft Thursday put out a new advisory of its own on PrintNightmare that assigns a new CVE and seems to suggest a new attack vector while attempting to clarify confusion that has arisen over it.

The Cybersecurity and Infrastructure Security Agency has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing. "CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print," the US federal agency said.

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday announced the release of a new module for its Cyber Security Evaluation Tool, namely the Ransomware Readiness Assessment. A Department of Homeland Security product, CSET was designed to help organizations assess their security posture, and is applicable to both IT and industrial control system networks.