Security News

Microsoft pushes emergency update for Windows PrintNightmare zero-day
2021-07-06 21:31

Microsoft has released the KB5004945 emergency security update to fix the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. Windows 7 SP1 and Windows Server 2008 R2 SP1. Windows Server 2008 SP2. Security updates have not yet been released for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012, but they will also be released soon, according to Microsoft.

Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted
2021-07-06 15:42

The worldwide July 2 attacks on the Kaseya Virtual System/Server Administrator platform by the REvil ransomware gang turn out to be the result of exploits for at least one zero-day security vulnerability, and the company is swinging into full mitigation mode, with patches for the on-premise version coming soon, likely Wednesday or Thursday, it said. The attacks on the VSA are now estimated to have led to the encryption of files for around 60 Kaseya customers using the on-premises version of the platform - many of which are managed service providers who use VSA to manage the networks of other businesses.

Kaseya was fixing zero-day just as REvil ransomware sprung their attack
2021-07-04 15:31

The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform a massive Friday attack. The vulnerability had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure, and Kaseya was validating the patch before they rolled it out to customers.

Actively exploited PrintNightmare zero-day gets unofficial patch
2021-07-02 17:50

Free micropatches addressing the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service are now available through the 0patch platform. The buggy code behind this remote code execution bug is present in all versions of Windows, with Microsoft still investigating if the vulnerability is exploitable on all of them.

Microsoft shares mitigations for Windows PrintNightmare zero-day bug
2021-07-02 06:56

Microsoft has provided mitigation guidance to block attacks on systems vulnerable to exploits targeting the Windows Print Spooler zero-day vulnerability known as PrintNightmare. In a separate threat analytics report for Microsoft 365 Defender customers seen by BleepingComputer, Microsoft says attackers are actively exploiting the PrintNightmare zero-day.

PrintNightmare, the zero-day hole in Windows – here’s what to do
2021-06-30 21:24

For details about the emergency patch released by Microsoft on 2021-07-06, please see: PrintNightmare official patch is out - update now! You'll also hear and see the flaw referred to as the Print Spooler bug, based on the headline on Microsoft's security update guide that describes the flaw as a Windows Print Spooler Vulnerability.

Zero-Day Used to Wipe My Book Live Devices
2021-06-30 16:08

The company is also planning to offer a trade-in program to get customers onto the cloud - specifically, onto a supported My Cloud device - and off of old My Book Live and My Book Live Duo devices, an indeterminate number of which were remotely eviscerated in an attack that exploited what turns out to have been a zero-day vulnerability. Besides the unauthenticated factory-reset operation, Western Digital said that the firmware for My Book Live is also vulnerable to a remotely exploitable command-injection vulnerability when the device has remote access enabled.

Zero-Day Vulnerability Exploited in Recent Attacks on WD Storage Devices
2021-06-30 12:48

Western Digital on Tuesday confirmed that the recent attacks targeting some of its older network-attached storage devices involved the exploitation of a zero-day vulnerability. The attacks came to light last week, with many owners of My Book Live and My Book Live Duo devices reporting on the WD Community forum that a factory reset had been initiated on their devices, which resulted in all files being erased.

Hackers use zero-day to mass-wipe My Book Live devices
2021-06-29 21:28

A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. A report by Censys CTO Derek Abdine revealed that the latest firmware for My Book Live devices contained a zero-day vulnerability that allowed a remote attacker to perform factory resets on Internet-connected devices.

Zero day malware reached an all-time high of 74% in Q1 2021
2021-06-29 05:00

74% of threats detected in Q1 2021 were zero day malware - or those that a signature-based antivirus solution did not detect at the time of the malware release - capable of circumventing conventional antivirus solutions, according to WatchGuard. The report also covers new threat intelligence on rising network attack rates, how attackers are trying to disguise and repurpose old exploits, the quarter's top malware attacks, and more.