FBI Security Alerts

  • SalesServiceGuy
    Field Supervisor

    Site Contributor
    5,000+ Posts
    • Dec 2009
    • 8137

    #91
    Re: FBI Security Alerts

    Originally posted by BillyCarpenter
    I don't think Biden is up to the job.
    ... while your concern holds little merit the statement that Synnex was breached should concern all copier/print vendors as they are the #1 distributor for countless products in the computer industry.

    I know of many dealers who order product like Lexmark from them everyday.

    "Synnex’s Urban told CRN Tuesday morning that the distributor has no relationship with Kaseya and doesn’t use any of its systems, including the compromised VSA remote monitoring and management product. “We do not know if this is related to the Kaseya ransomware attack to MSPs and some end customers,” Urban said in a statement emailed to CRN. “That is part of the review.” "

    ... the attack on Synnex may or may not have been successful.

    Comment

    • SalesServiceGuy
      Field Supervisor

      Site Contributor
      5,000+ Posts
      • Dec 2009
      • 8137

      #92
      Re: FBI Security Alerts

      Microsoft delivers emergency patch for PrintNightmare security bug

      Microsoft is offering patches for unsupported versions of Windows to plug the so-called PrintNightmare bugs.

      Microsoft has released an out-of-band patch for the security flaw known as PrintNightmare that is under attack already and lets attackers take control of a PC.

      The PrintNightmare bug is being tracked as CVE-2021-1675 and CVE-2021-34527. It's a critical bug in the Windows print spooler with exploit code in the public domain before Microsoft had a chance to release a patch for it. Admins were advised to disable the Print Spooler service until a patch was made available.

      Microsoft has now completed its investigation and released security updates to address the security bug.

      "The security updates released on and after July 6, 2021 contain protections for a remote code execution exploit in the Windows Print Spooler service known as "PrintNightmare", documented in CVE-2021-34527, as well as for CVE-2021-1675," Microsoft said.

      "We recommend that you install these updates immediately," Microsoft said.
      The bug looks to be a serious concern at Microsoft, which has taken the rare step of releasing patches for Windows 7. That version of Windows reached the end of mainstream support on January 14, 2020.

      Very occasionally Microsoft releases patches for unsupported versions of Windows. It did that for Windows XP in 2017 after the WannaCry ransomware attacks, which were blamed on North Korean hackers.

      Windows 7 accounts for a smaller share of all Windows PCs out there today, but the numbers remained significantly large enough for Google to maintain Chrome support for Windows 7 until July 2021.

      Comment

      • SalesServiceGuy
        Field Supervisor

        Site Contributor
        5,000+ Posts
        • Dec 2009
        • 8137

        #93
        Re: FBI Security Alerts

        I have a Windows 7 computer and it will not update after several attempts to counter this new Print Nightmare threat.

        Any ideas?

        Comment

        • davel
          Technician

          1,000+ Posts
          • Oct 2011
          • 1093

          #94
          Re: FBI Security Alerts

          Originally posted by SalesServiceGuy
          I have a Windows 7 computer and it will not update after several attempts to counter this new Print Nightmare threat.

          Any ideas?
          Update it to Windows 10, as I am sure you would advise your customers to do.

          Comment

          • slimslob
            Retired

            Site Contributor
            25,000+ Posts
            • May 2013
            • 37240

            #95
            Re: FBI Security Alerts

            Originally posted by SalesServiceGuy
            Microsoft delivers emergency patch for PrintNightmare security bug

            Microsoft is offering patches for unsupported versions of Windows to plug the so-called PrintNightmare bugs.

            Microsoft has released an out-of-band patch for the security flaw known as PrintNightmare that is under attack already and lets attackers take control of a PC.

            The PrintNightmare bug is being tracked as CVE-2021-1675 and CVE-2021-34527. It's a critical bug in the Windows print spooler with exploit code in the public domain before Microsoft had a chance to release a patch for it. Admins were advised to disable the Print Spooler service until a patch was made available.

            Microsoft has now completed its investigation and released security updates to address the security bug.

            "The security updates released on and after July 6, 2021 contain protections for a remote code execution exploit in the Windows Print Spooler service known as "PrintNightmare", documented in CVE-2021-34527, as well as for CVE-2021-1675," Microsoft said.

            "We recommend that you install these updates immediately," Microsoft said.
            The bug looks to be a serious concern at Microsoft, which has taken the rare step of releasing patches for Windows 7. That version of Windows reached the end of mainstream support on January 14, 2020.

            Very occasionally Microsoft releases patches for unsupported versions of Windows. It did that for Windows XP in 2017 after the WannaCry ransomware attacks, which were blamed on North Korean hackers.

            Windows 7 accounts for a smaller share of all Windows PCs out there today, but the numbers remained significantly large enough for Google to maintain Chrome support for Windows 7 until July 2021.
            Guess what, it is now July 2021.

            Comment

            • SalesServiceGuy
              Field Supervisor

              Site Contributor
              5,000+ Posts
              • Dec 2009
              • 8137

              #96
              Re: FBI Security Alerts

              Multiple REvil ransomware sites are down on the dark web


              • Dark web sites affiliated with the REvil ransomware gang were not operating Tuesday morning.
              • The disappearance of the sites affiliated with the Russian-linked gang REvil, also known as Sodinokibi, comes on the heels of an international ransomware outbreak on July 2 that the group had taken credit for.
              • President Joe Biden recently said it would make sense for the United States to attack computer servers used by ransomware groups.




              Dark web sites linked to the REvil ransomware gang were not operating Tuesday morning, CNBC has confirmed.

              It is not clear what led to the websites of the ransomware-as-service group going down Tuesday. Visitors to the sites, which had recently been active, were greeted with messages saying, “A server with the specified hostname could not be found.”

              The disappearance of the public-facing sites affiliated with Russia-linked REvil, also known as Sodinokibi, comes on the heels of an international ransomware outbreak on July 2 that the group had taken credit for.

              A National Security Council official declined to comment to CNBC on Tuesday morning.

              On Friday, President Joe Biden was asked by a reporter if it “makes sense” for the United States to attack the computer servers that have hosted ransomware attacks.

              “Yes,” Biden answered.

              A National Security Council official later that same day told reporters that U.S. authorities expected to take action against ransomware groups soon.

              “We’re not going to telegraph what those actions will be precisely,” that official said.

              “Some of them will be manifest and visible, some of them may not be. But we expect them to take place in the days and weeks ahead.”

              John Hultquist of Mandiant Threat Intelligence told CNBC on Tuesday, “The situation is still unfolding, but evidence suggests REvil has suffered a planned, concurrent takedown of their infrastructure, either by the operators themselves or via industry or law enforcement action.”

              “If this was a disruption operation of some kind, full details may never come to light,” Hultquist added in an email.

              He also said an analysis shows that “known websites associated with the REvil ransomware RaaS are offline or non-responsive.”

              “REvil’s darknet (.onion) and clearnet (decoder.re) websites are offline, and although we have no visibility into exactly how their darknet sites have been taken down their clearnet site’s domain has simply ceased resolving to an IP address and its dedicated name servers are still online,” Hultquist said.

              Comment

              • SalesServiceGuy
                Field Supervisor

                Site Contributor
                5,000+ Posts
                • Dec 2009
                • 8137

                #97
                Re: FBI Security Alerts

                US blames China for hacks, opening new front in cyber offensive


                The United States and its foreign allies on Monday accused China of widespread malfeasance in cyberspace, including through a massive hack of Microsoft's email system and other ransomware attacks, a dramatic escalation in the increasingly urgent attempt by the Biden administration to stave off further breaches.

                In a coordinated announcement, the White House and governments in Europe and Asia identified China's Ministry of State Security, the sprawling and secretive civilian intelligence agency, with using "criminal contract hackers" to conduct a range of destabilizing activities around the world for personal profit, including the Microsoft hack, according to a senior US administration official.

                The administration official also said China was behind a specific ransomware attack against a US target that involved a "large ransom request" — and added that Chinese ransom demands have been in the "millions of dollars."

                The public disclosure of the Chinese efforts amounts to a new front in an ongoing offensive by the Biden administration to bat away cyberthreats that have exposed serious vulnerabilities in major American sectors, including energy and food production. The extent of Chinese involvement in hiring criminal networks to invade and extort money around the world came as a surprise to the White House, officials said.

                "What we found really surprising and new here was the use of criminal contract hackers to conduct this unsanctioned cyber operation and really the criminal activity for financial gain. That was really eye-opening and surprising for us," a senior administration official said on Sunday ahead of the announcement.

                Still, while American officials have raised concerns with the Chinese about the behavior, the US is stopping short of applying new punishment on Beijing as part of Monday's announcement. The official said the US was "not ruling out further actions to hold (China) accountable."

                On Monday, the Justice Department announced that four Chinese nationals and residents were indicted by a federal grand jury in San Diego for "a campaign to hack into the computer systems of dozens of victim companies universities and government entities" in the US and abroad between 2011 and 2018.

                Three of the individuals were Hainan State Security Department officers who were "coordinating, facilitating and managing computer hackers and linguists" for front companies to conduct hacking for the "benefit of China and its state-owned and sponsored instrumentalities," the department said. Another individual was a computer hacker who allegedly hacked into computer systems used by foreign governments, companies and universities, and created malware and supervised other hackers.

                They were each charged with one count of conspiracy to commit computer fraud and one count of conspiracy to commit economic espionage.

                Comment

                • BillyCarpenter
                  Field Supervisor

                  Site Contributor
                  VIP Subscriber
                  10,000+ Posts
                  • Aug 2020
                  • 16308

                  #98
                  Re: FBI Security Alerts

                  Originally posted by SalesServiceGuy
                  US blames China for hacks, opening new front in cyber offensive




                  Still, while American officials have raised concerns with the Chinese about the behavior, the US is stopping short of applying new punishment on Beijing as part of Monday's announcement. The official said the US was "not ruling out further actions to hold (China) accountable."

                  The reason why this is happening is because they see Biden as a pushover. He better act and it better be severe or the cyber attacks will only get worse.
                  Adversity temporarily visits a strong man but stays with the weak for a lifetime.

                  Comment

                  • bsm2
                    IT Manager

                    25,000+ Posts
                    • Feb 2008
                    • 29791

                    #99
                    Re: FBI Security Alerts

                    Originally posted by BillyCarpenter
                    The reason why this is happening is because they see Biden as a pushover. He better act and it better be severe or the cyber attacks will only get worse.
                    Maybe you could turn on SMB1, Billy, that will help.



                    Do not turn on SMB1; it's a known security threat.

                    Don't be a Billy!
                    Last edited by bsm2; 07-19-2021, 04:13 PM.

                    Comment

                    • SalesServiceGuy
                      Field Supervisor

                      Site Contributor
                      5,000+ Posts
                      • Dec 2009
                      • 8137

                      #100
                      Re: FBI Security Alerts

                      Originally posted by BillyCarpenter
                      The reason why this is happening is because they see Biden as a pushover. He better act and it better be severe or the cyber attacks will only get worse.
                      ... try and stay informed about the news!

                      On approx July 14, President Biden authorized a cyber strike that knocked out all of the transaction servers used by the Russian cyber criminal group R-Evil on the dark web.

                      Those servers are still down and the criminal group's ability to launch RaaS attacks has been significantly reduced.

                      Comment

                      • rthonpm
                        Field Supervisor

                        2,500+ Posts
                        • Aug 2007
                        • 2847

                        #101
                        Re: FBI Security Alerts

                        Originally posted by BillyCarpenter
                        The reason why this is happening is because they see Biden as a pushover. He better act and it better be severe or the cyber attacks will only get worse.
                        Wouldn't matter who is in the White House, that's never been a concern for state actors or criminal groups. There's no enthrallment to American politics, state actors know that no-one is going to a shooting war over ransomware and corporate hacks as long as they don't affect critical infrastructure, and criminals are deep enough into the shadows that they can always design some plausible deniability or get cover from a state agent.

                        Attacks like this have been happening for years, it's just becoming more of a commodity service as opposed to always being nation states. There are even criminal organisations that will do ransomware as a service for a cut of any ransom.

                        The real issue is the state of most corporate networks is incredibly sloppy, or pieced together thanks to the need to keep legacy software floating around or just the offloading of access and management to centralized systems where one attack gives access to multiple networks at once.

                        In many ways, this is just an escalation of the same kind of industrial espionage that nation states have pursued for years, except now it can also be used to not only exfiltrate data, but also to gain money from the fools willing to pay ransom, but not willing to pay to backup and protect their data. Everything old is new again.

                        Sent from my BlackBerry using Tapatalk

                        Comment

                        • BillyCarpenter
                          Field Supervisor

                          Site Contributor
                          VIP Subscriber
                          10,000+ Posts
                          • Aug 2020
                          • 16308

                          #102
                          Re: FBI Security Alerts

                          Originally posted by rthonpm
                          Wouldn't matter who is in the White House, that's never been a concern for state actors or criminal groups. There's no enthrallment to American politics, state actors know that no-one is going to a shooting war over ransomware and corporate hacks as long as they don't affect critical infrastructure, and criminals are deep enough into the shadows that they can always design some plausible deniability or get cover from a state agent.

                          Attacks like this have been happening for years, it's just becoming more of a commodity service as opposed to always being nation states. There are even criminal organisations that will do ransomware as a service for a cut of any ransom.

                          The real issue is the state of most corporate networks is incredibly sloppy, or pieced together thanks to the need to keep legacy software floating around or just the offloading of access and management to centralized systems where one attack gives access to multiple networks at once.

                          In many ways, this is just an escalation of the same kind of industrial espionage that nation states have pursued for years, except now it can also be used to not only exfiltrate data, but also to gain money from the fools willing to pay ransom, but not willing to pay to backup and protect their data. Everything old is new again.

                          Sent from my BlackBerry using Tapatalk

                          So, in other words, all this talk that Biden is doing is just that, talk? I'm gonna disagree with you on this. I do believe there are things that Joe can do that would help greatly other than a full blown war. If not, we're in big trouble.
                          Adversity temporarily visits a strong man but stays with the weak for a lifetime.

                          Comment

                          • rthonpm
                            Field Supervisor

                            2,500+ Posts
                            • Aug 2007
                            • 2847

                            #103
                            Re: FBI Security Alerts

                            There are things that can be done politically, but those are never going to solve a technical issue, just morph it to another form. All the feds can really do is enforce, and really enforce, baseline guidance and adherence to it as well as draw a line in the sand in terms of protecting critical infrastructure.

                            The real meat of what can be done from an offensive standpoint will be just as shrouded in plausible deniability as an attack from another nation state. Just look at Stuxnet years ago, or the REvil disappearance. Countermeasures generally aren't that sexy and rarely make headlines.

                            My main point has always been that as long as private industry deems it cheaper to operate without adherence to very well documented guidance then there's always going to be a problem. Any idiot with a Shodan account and a list of known vulnerabilities could likely hit some companies with a decent success rate.

                            I'd fine companies and municipalities that pay a ransom twice what they pay, and it's often cheaper to just rebuild than recover now compromised data.

                            Sent from my BlackBerry using Tapatalk

                            Comment

                            • BillyCarpenter
                              Field Supervisor

                              Site Contributor
                              VIP Subscriber
                              10,000+ Posts
                              • Aug 2020
                              • 16308

                              #104
                              Re: FBI Security Alerts

                              Originally posted by rthonpm
                              There are things that can be done politically, but those are never going to solve a technical issue, just morph it to another form. All the feds can really do is enforce, and really enforce, baseline guidance and adherence to it as well as draw a line in the sand in terms of protecting critical infrastructure.

                              The real meat of what can be done from an offensive standpoint will be just as shrouded in plausible deniability as an attack from another nation state. Just look at Stuxnet years ago, or the REvil disappearance. Countermeasures generally aren't that sexy and rarely make headlines.

                              My main point has always been that as long as private industry deems it cheaper to operate without adherence to very well documented guidance then there's always going to be a problem. Any idiot with a Shodan account and a list of known vulnerabilities could likely hit some companies with a decent success rate.

                              I'd fine companies and municipalities that pay a ransom twice what they pay, and it's often cheaper to just rebuild than recover now compromised data.

                              Sent from my BlackBerry using Tapatalk

                              I understand. My only point is that if a government (see dictator) is ultimately behind some of these attacks (and I believe they are) then Biden is gonna have to react in such a way that it'll make them think twice before doing it again.
                              Adversity temporarily visits a strong man but stays with the weak for a lifetime.

                              Comment

                              • SalesServiceGuy
                                Field Supervisor

                                Site Contributor
                                5,000+ Posts
                                • Dec 2009
                                • 8137

                                #105
                                Re: FBI Security Alerts

                                MORE Alarming Cybersecurity Stats For 2021 !

                                A new study by cybersecurity company BlueVoyant shows that the supply chain is a magnet for cyber breaches. “A whopping 97% of firms have been impacted by a cybersecurity breach in their supply chain, and 93% admitted that they have suffered a direct cybersecurity breach because of weaknesses in their supply chain.“ Supply chain cybersecurity breaches have hit alarming percentage of firms: survey | Fox Business

                                “Supply chain attacks rose by 42% in the first quarter of 2021 in the US, impacting up to seven million people, according to research. Analysis of publicly-reported data breaches in quarter one by the Identity Theft Resource Center (ITRC) found 137 organizations reported being hit by supply chain cyber-attacks at 27 different third-party vendors.” ‘Troubling’ rise in supply chain cyber-attacks – Supply Management (cips.org)

                                For a deeper dive into supply chain cyber issues, please see: Chuck Brooks: Government Focused on Securing the Cyber Supply Chain

                                “Supply chain issues are being formally adapted into security strategy by the federal government. On May 15, 2019, the White House Presidential Executive order was issued to help secure the supply chain (both public and commercial) poses an undue risk of sabotage to or subversion of the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of information and communications technology or services in the United States.”

                                The remedy to fixing supply chain vulnerabilities is heightening government and industry collaboration highlighted in the policy initiatives, such as NIST, and in task forces on supply chain security established by the Executive Branch. More precisely, it requires enacting a risk management process that identifies vulnerable systems (especially legacy) and gains visibility into all the elements of the supply chain.”



                                Cybersecurity is all about risk management. The Cyber Risk list below compiled by Fortinet speaks volumes:

                                Cyber Risks

                                • IDC predicts there will be 55.7 billion connected devices by 2025, of which 75% will be connected to the IoT. IDC also estimates that IoT devices will generate 73.1 zettabytes of data by 2025, up from just 18.3 zettabytes in 2019.
                                • Cisco data estimates that distributed denial-of-service (DDoS) attacks will grow to 15.4 million by 2023, more than double the 7.9 million in 2018.
                                • DDoS attacks became more prevalent in 2020, with the NETSCOUT Threat Intelligence report seeing 4.83 million attacks in the first half of the year. That equates to 26,000 attacks per day and 18 per minute.
                                • More than four-fifths of data breaches in 2020 (86%) were financially motivated, according to Verizon’s 2020 Data Breach Investigations Report (DBIR).
                                • Security threats against industrial control systems (ICS) and operational technology (OT) more than tripled in 2020, according to Dragos Inc.’s Year in Review report.
                                • McKinsey insight finds 70% of security executives believe their budget will decrease in 2021, which will limit and reduce their spending on compliance, governance, and risk tools.
                                • Organizations must defend their networks, systems, and users against several major cybersecurity threats. For example, Verizon’s 2020 DBIR found that 70% of breaches were caused by outsiders, 45% involved hacking, 86% were financially motivated, 17% involved some form of malware, and 22% featured phishing or social engineering.

                                Comment
