Microsoft issues an out-of-band patch for critical ‘PrintNightmare’ vulnerability following reports of in-the-wild exploitation and publication of multiple proof-of-concept exploit scripts Background On July 6, Microsoft updated its advisory to announce the availability of out-of-band patches for a critical vulnerability in its Windows Print Spooler that researchers are calling PrintNightmare. This remote code execution (RCE) vulnerability affects all versions of Microsoft Windows. CVE Description CVSSv3 VPR* …

The United States has been given leave to appeal a British court’s decision not to extradite WikiLeaks founder Julian Paul Assange to America.  In Westminster Magistrate’s court in January, district judge Vanessa Baraitser ruled that Australian citizen Assange should not be extradited to the United States to face 17 charges under the Espionage Act and one charge under the Computer Fraud and Abuse Act.  The US Department of Justice indicted Assange in 2019 over his alleged involvement in the acquisition…

A new phishing campaign claims to offer a security update for Kaseya’s VSA software but actually tries to install malware, says Malwarebytes. Image: danijelala, Getty Images/iStockPhoto Cybercriminals are already taking advantage of the ransomware attack against IT firm Kaseya to deploy spam designed to infect computers with Cobalt Strike-delivered malware. In a July 6 update to an ongoing blog and a tweet about the Kaseya incident, security firm Malwarebytes said that its Threat Intelligence team…

The Biden administration has announced the cancellation of a $10bn massive cloud-computing contract awarded to Microsoft.  After Microsoft won a lengthy bidding process for the Joint Enterprise Defense Infrastructure (JEDI) cloud contract in 2019, competing contractor Amazon Web Services (AWS) complained that the decision wasn’t fair. Yesterday the DoD issued a statement declaring that the contract had passed its sell-by date and was no longer relevant. “The Department has determined that, due to evolving requirements, increased cloud conversancy, and industry advances,…

A new report finds that fake investment scams have netted the most funds among all the types of active blockchain scams. Image: Wit Olszewski/Shutterstock If you have been swindled by a blockchain con, the most likely culprit is a fake investment scam, according to an analysis by Atlas VPN. The top 10 most successful currently active blockchain scams have collected $13.7 million so far, the report found. CryptoMixer.com, a fake Bitcoin tumbler, is the biggest…

If two-factor authentication logins on your Linux servers are giving you fits, Jack Wallen has the solution for you. Image: iStockphoto/Jirsak Recently, I had an incident where a two-factor authentication-enabled Linux server wouldn’t allow me in via SSH. Fortunately, I had physical access to the server, so it wasn’t a complete disaster. Had I not been able to log into the machine on site, I would have had to count on someone on-premise to take…

The majority of insider data breaches are non-malicious, according to new research released today by American cybersecurity software company Code42 in partnership with Aberdeen Research.  The report Understanding Your Insider Risk and the Value of Your Intellectual Property found that at least one in three (33%) reported data breaches involve someone with authorized access to the impacted data. A key finding of the report was that 78% of those insider data breaches involved unintentional data exposure or loss rather than any malice. Researchers…