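The security feed is intended for MSPs and IT professionals, helping them stay up to date in real time on cybersecurity news and vulnerability alerts related to operating systems, browsers, VPNs, and RDP, and further protect their companies and customers.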

General Advisory: Windows RCE Vulnerability

Monday, May 30, 2022

Microsoft has released details and workarounds for a remote code execution vulnerability in Windows being tracked as CVE-2022-30190.

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.

This vulnerability is known to be exploited in the wild.

System administrators are urged to review the guidance and apply mitigations to avoid potential exploitation.

Important links:
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

General Advisory: Log4j Vulnerabilities

Monday, December 20, 2021

Apache has released critical security updates for Log4j to fix a Remote Code Execution (RCE) vulnerability being tracked as CVE-2021-44228 as well as two other related vulnerabilities being tracked as CVE-2021-4104 and CVE-2021-45046.

These vulnerabilities are known to be exploited in the wild.

System administrators are urged to apply updates immediately to avoid potential exploitation.

Important links:
CISA Apache Log4j Vulnerability Guidance
Microsoft Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation
Apache Log4j Security Vulnerabilities

Splashtop is NOT vulnerable to this potential security risk:
Splashtop Status Report for Log4J Vulnerabilities
Splashtop Support: Is Splashtop affected by Apache Log4j?

General Advisory: ManageEngine ADSelfService Plus Vulnerability

Thursday, September 16, 2021

ManageEngine has released an important security update for ADSelfService Plus to fix a Remote Code Execution (RCE) vulnerability being tracked as CVE-2021-40539.

This vulnerability is known to be exploited in the wild.

System administrators are urged to apply updates immediately to avoid potential exploitation.

Important links:
CISA Alert: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
ADSelfService Plus 6114 Security Fix Release Notes

General Advisory: Microsoft MSHTML Remote Code Execution Vulnerability

Tuesday, September 7, 2021

Microsoft has released details, mitigations, and workarounds for an MSHTML Remote Code Execution Vulnerability being tracked as CVE-2021-40444.

This vulnerability is known to be exploited in the wild, and it has not been patched with a Windows update as of 9/7/2021.

System administrators are urged to review the guidance and apply mitigations to avoid potential exploitation.

Important links:
CVE-2021-40444: Microsoft MSHTML Remote Code Execution Vulnerability

General Advisory: Risk Considerations For Managed Service Provider Customers

Thursday, September 2, 2021

Cybersecurity & Infrastructure Security Agency (CISA) has published “Risk Considerations For Managed Service Provider Customers”.

Read the full details here:
CISA: Risk Considerations For Managed Service Provider Customers

General Advisory: OpenSSL Releases Security Update

Tuesday, August 24, 2021

OpenSSL has released a security update with a fix for a high priority vulnerability affecting versions 1.1.1k and below.

An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

System administrators are urged to review the security advisory and apply any available updates.

Important links:
OpenSSL Security Advisory

General Advisory: SonicWall Warns of “Imminent Ransomware Campaign” Targeting EOL Devices

Wednesday, July 14, 2021

SonicWall has posted an urgent security alert warning customers of “an imminent ransomware campaign” targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) devices running end-of-life (EOL) 8.x firmware.

The security alert explains that legacy devices affected by this advisory “are at imminent risk of a targeted ransomware attack.”

System administrators are urged to update to the latest 9.x or 10.x firmware versions or immediately disconnect the devices and reset passwords to avoid potential ransomware attacks.

Important links:
SonicWall Urgent Security Notice: Critical Risk To Unpatched End-Of-Life SRA & SMA 8.X Remote Access Devices
SonicWall warns of ‘imminent ransomware campaign’ targeting its EOL equipment

General Advisory: Guidance for Kaseya VSA Attack

Tuesday, July 6, 2021

While Splashtop has not been impacted, we know that organizations globally are concerned about the Kaseya VSA ransomware attack. Please note that new guidance is now available from Kaseya and they strongly suggest that you take the steps below to keep your systems secure.

System administrators are urged to immediately follow the recommendations listed in the articles below:
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
Kaseya Important Notice July 7th, 2021

Technical details about the ransomware attack are available here:
Kaseya Incident Overview & Technical Details
REvil ransomware attack against MSPs and its clients around the world

This attack impacts Kaseya customers using the on-premises version of Kaseya VSA. Kaseya has not found any evidence to suggest that SaaS customers were compromised.

Please note that there is no evidence to suggest that Splashtop or its customers were impacted by the recent attack on Kaseya. The Splashtop security team monitors and evaluates security risks and vulnerabilities reported in the industry and takes immediate action when warranted. Splashtop has taken multiple actions to protect Splashtop and our customers. We will continue to monitor our environment closely to ensure we take every precaution to keep our customers and their data safe and secure.

General Advisory: Kaseya VSA Attack

Friday, July 2, 2021

Kaseya is investigating a potential ransomware attack affecting Kaseya VSA servers.

System administrators are urged to immediately shut down any Kaseya VSA servers until more details are released.

Important links:
Kaseya Important Notice July 2nd, 2021
Kaseya VSA Supply-Chain Ransomware Attack

General Advisory: Several Recent Ransomware Attacks

Sunday, June 6, 2021

Ransomware is a form of malware designed to encrypt files on a device to render them unusable until a ransom is paid for a decryption key. Ransom DDoS attacks involve overwhelming public servers with large volumes of traffic to bring them offline until a ransom is paid.

Several recent ransomware attacks have made headlines, including attacks on JBS (a global meat processor), Colonial Pipeline (a top US fuel pipeline), CNA Financial (a large US insurance company), and Bose (an audio electronics manufacturer).

Administrators are urged to review ransomware guidance, follow best practices for preventing ransomware attacks, ensure that data is backed up regularly, and create a continuity plan to follow in case a ransomware attack occurs.

Important resources:
CISA.gov Ransomware Guidance and Resources
CISA.gov Fact Sheet: Rising Ransomware Threat to Operational Technology Assets
FBI Ransomware Guidance

Important news:
Global meat processor JBS shuts part of operation to blunt cyberattack fallout
Three takeaways from the Colonial Pipeline attack
One of the US’s largest insurance companies reportedly paid $40 million to ransomware hackers
Bose Admits Ransomware Hit: Employee Data Accessed
Exchange Servers Targeted by ‘Epsilon Red’ Malware
