August Security Update: The (PrintNightmare) Continues

Train employees on current threats, make sure your security solutions are up to the task – and, maybe, disable your printer spooler.

Mike Monocello

August 24, 2021

New Microsoft Point and Print Vulnerability Discovered

Microsoft released a patch in Aug. 2021 to correct the “PrintNightmare” vulnerability in Point and Print, documented as CVE-2021-34481. However, there’s a new zero-day print spooler vulnerability. This vulnerability, CVE-2021-36958, could allow attackers to gain SYSTEM privileges on a computer.

Action Items

See Microsoft’s advisory on the vulnerability.
Microsoft says a workaround is “to stop and disable Print Spooler service.”

Hancitor is Spreading FickerStealer

Symantec reports FickerStealer, malware that extracts sensitive and private information, is now being spread by Hancitor. Attacks involve spam emails containing attachments that enable Hancitor to communicate with C2 servers and retrieve a URL containing FickerStealer.

Action Item

Use email security
Train employees on spam and phishing tactics.

Two Vulnerabilities Discovered in Zimbra Webmail

SonarSource discovered two vulnerabilities in Zimbra webmail, used by more than 200,000 businesses and more than 1,000 government and financial institutions.

A combination of these vulnerabilities could enable an attacker to gain unrestricted access to all employees’ emails.

CVE-2021-35208 is a cross-site scripting vulnerability that can be triggered when an employee views mail. A malicious email containing a JavaScript payload could ultimately provide an attacker access to the employee’s emails, their webmail session, and possibly additional attacks.

CVE-2021-35209 is a bypass of an allow-list that leads to a server-side request forgery vulnerability. Combined with the first vulnerability, SonarSource says an attacker could extract, for example, AWS IAM credentials or Google Cloud API tokens.

Action Items

See technical details on SonarSource’s blog.
Use Patch 18 for Zimbra 8.8.15 and Patch 16 for the 9.0 series; prior versions are vulnerable.

New Twist on Phishing: Fake Zoom Meeting Invitations

INKY researchers have discovered that attackers are using Zoom in a phishing campaign to steal credentials from users. The attackers send phishing emails to employees, asking them to review a Zoom meeting invitation by downloading a file attached to the email and downloading an attachment to start the meeting. Attackers used domain names such as zoomcommunications.com that users may think are legitimate—and that could bypass email security.

When users followed the instructions, they arrived at an authentic-looking Microsoft sign-in page, asking for login and password.

Action Items

Educate employees and your clients about this scam.
Check the URL of every email and website before clicking.
Do not open attachments from unknown senders.
If in doubt, contact the person by text or phone to confirm the email is legitimate.

McAfee Points out Ransomware Has Become Big Business

McAfee notes that although the Colonial Pipeline ransomware attack monopolized media attention, there’s more to the story. The DarkSide Ransomware as a Service attack was preceded by Babuk, Conti, Ryuk, and REvil. McAfee says widespread attacks on smaller organizations decreased, and attackers focused on larger organizations that could pay higher ransoms.

McAfee also points out that these victims were targeted with customized variants.

Action items

Build a comprehensive security strategy that includes threat detection.
Back up data in at least three locations, one of which is not connected to the internet and one that’s offsite.
Talk through incident response today; know in advance how you will respond to an attack.

Top Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Securing Agency (CISA), as well as the FBI and agencies in Australia and UK, authored an advisory on the top 30 vulnerabilities that cyberattackers most commonly exploit.

The advisory points out that four of the most exploited vulnerabilities in 2020 impact remote work, VPN and cloud technologies.

Action Items

Review the list here.
Remediate vulnerabilities as soon as possible; patches are available for most.
Organizations that have not kept patching up to date should have their systems evaluated for compromise and initiate incident response and recovery.

For more security updates and insights, visit DevPro Journal’s Security resources page.

August Security Update: The (PrintNightmare) Continues

New Microsoft Point and Print Vulnerability Discovered

Hancitor is Spreading FickerStealer

Two Vulnerabilities Discovered in Zimbra Webmail

New Twist on Phishing: Fake Zoom Meeting Invitations

McAfee Points out Ransomware Has Become Big Business

Top Exploited Vulnerabilities

Latest Software Developer News

Epson OmniLink m-Series Receipt Printers Certified for Slice Register POS Systems Built Exclusively for Local Pizzerias

MicroTouch Collaborates with Exertis Almo to Bring Integrators New Interactive Touch Displays

New GitLab Research Reveals Rising Demand for Security and Efficiency in Software Development, Increasing Use of AI/ML in Security

Solo.io Expands Gloo Platform with Addition of Gloo Fabric to Enable Secure, Multi-cloud Networking for Distributed Applications

Epson OmniLink TM-m50II POS Receipt Printer Now Available

MicroTouch Introduces New 27-Inch Open-Frame Touch Monitor for Retail and Hospitality Applications

Most Popular

Improve Software Sales During a Tough Economy

The Value—and Potential—of Enterprise Open Source

Improve Marketing ROI by Defining Your Target Market

What Your NPS Score Says About How Competitive You Are