
More security news, including new FBI reports on ManageEngine

As we slow down for the holidays, a couple of security stories.   

According to cybersecurity firm Avast, the United States Commission on International Religious Freedom (USCIRF) has been hit with a cyberattack. Avast did not identify the federal agency affected, but The Record determined it was the USCIRF. The Cybersecurity and Infrastructure Security Agency (CISA) declined to comment on the attack and said all requests for more information should go to USCIRF. USCIRF did not respond to requests for comment.

Meanwhile, the FBI reports active exploitation of ManageEngine’s Desktop Central product due to a flaw exposed back in October. A patch was released on December 3. The FBI now says it observed APT actors compromising Desktop Central servers using the flaw to drop a webshell that overrides a legitimate function of Desktop Central.

Microsoft has released the final version of security configuration baseline settings for Windows 10, version 21H2. The highlight of the new Windows 10 security baseline is the addition of tamper protection as a setting to enable by default (this was also made a default setting in the Windows 11 security baseline two months ago).

Security analysts from NCC Group report that ransomware attacks increased in November 2021 over the previous month, with double extortion continuing to be a powerful tool in threat actors’ arsenal. Threat actors’ focus is also shifting to entities belonging to the government sector, which received 400% more attacks than in October. The spotlight in November was stolen by the PYSA ransomware group (aka Mespinoza), which had an explosive rise in infections, recording an increase of 50%. That's from Bleeping Computer.

Why do we care?

So I’ll note I won’t be doing news shows next week – but Log4j probably won’t slow down. The warnings have been constant all month, so at this point, I’m expecting everyone is executing their holiday playbook.

A recent discussion I was involved in highlighted the concern that many small providers don’t have one. If that’s true for your business… it’s never too late to fix that.