A quick Saturday digest of cybersecurity news articles from other sources.
The real reason for Windows 11
It’s all about security, and it’s going to be a costly upgrade — because most of us will need to buy new PCs to make it work.
Kaseya Provides Security Updates for VSA On-Premises Software Vulnerabilities
Original release date: July 12, 2021
Kaseya has released VSA version 9.5.7a for their VSA On-Premises software. This version addresses vulnerabilities that enabled the ransomware attacks on Kaseya’s customers.
CISA strongly urges Kaseya customers closely follow the instructions detailed in the Kaseya security notice and contact Kaseya should they require implementation assistance. Note: the Kaseya security notice includes Startup Runbooks and Hardening and Best Practice Guides for both VSA On-Premises and VSA SaaS.
LinkedIn User Data Has Been Scraped and Is up for Sale on the Dark Web
700 Million LinkedIn user’s personal details were posted for sale earlier this month, putting 92% of their userbase at risk of social engineering and spear phishing attacks.
How IIoT is delivering predictive analytics and resilience to electric utilities
With stronger hurricanes, wildfires and other natural disasters, keeping the lights on is a central concern. Now, with the help of IIoT, electric utilities can do a better job of disaster mitigation. But do they open up the attack surface and provide an insecure entry point for attackers?
Microsoft Releases Out-of-Band Security Updates for PrintNightmare
Original release date: July 6, 2021
Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print spooler service. According to the CERT Coordination Center (CERT/CC), “The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.”
The updates are cumulative and contain all previous fixes as well as protections for CVE-2021-1675. The updates do not include Windows 10 version 1607, Windows Server 2012, or Windows Server 2016—Microsoft states updates for these versions are forthcoming. Note: According to CERT/CC, “the Microsoft update for CVE-2021-34527 only appears to address the Remote Code Execution (RCE via SMB and RPC) variants of the PrintNightmare, and not the Local Privilege Escalation (LPE) variant.” See CERT/CC Vulnerability Note VU #383432 for workarounds for the LPE variant.
The rise of no-code and low-code software (free PDF)
No-code and low-code software is changing how enterprise applications are created and who is creating them. In this special feature, TechRepublic and ZDNet help IT leaders understand the consequences of non-developers becoming app builders and how to successfully take advantage of this trend. Learn more in this download.
Supreme Court Overturns Overbroad Interpretation of CFAA, Protecting Security Researchers and Everyday Users
Electronic Frontier Foundation has long fought to reform vague, dangerous computer crime laws like the Computer Fraud and Abuse Act. In a month packed with Supreme Court decisions that could change the digital rights (and human rights) landscape, we’re gratified by the Court’s important decision in Van Buren. The Court acknowledged that overbroad application of the CFAA risks turning nearly any user of the Internet into a criminal based on arbitrary terms of service. We remember the tragic and unjust results of the CFAA’s misuse, such as the death of Aaron Swartz, and we will continue to fight to ensure that computer crime laws no longer chill security research, journalism, and other novel and interoperable uses of technology that ultimately benefit all of us.
How to Keep Your Home Office Safe and Secure
A great article you can check out.
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com