NCSC Weekly Threat Report 9th July 2021

In this week’s Threat Report:

  1. Supply chain attack affects Kaseya product
  2. Agreement reached on British Airways data breach compensation claim
  3. CVE-2021-34527 Windows Print Spooler (PrintNightmare)
  4. Moodle cross-site scripting & open redirect vulnerabilities

Supply chain attack affects Kaseya product

A cyber attack this week has had a significant impact by affecting a product made by the US IT firm Kaseya.

The product, Virtual System Administrator, or VSA, is a remote management and monitoring tool which can help administer customer networks. Any service provider using the product may have seen appliances exploited by the attacker, using an undisclosed vulnerability. Once an appliance has been accessed, the attacker can push malicious files to endpoint machines, encrypt them and cause damage to customer networks.

The ransomware attack, which has been claimed by the REvil group, has had an impact worldwide, including on Coop supermarkets in Sweden and a number of schools in New Zealand.

Kaseya have been keeping their customers updated via an advisory on their website.

Ransomware is a common type of malware which can make data or systems unusable until the victim makes a payment. Paying, of course, does not guarantee that the criminals will halt the attack.

As well as keeping up to date with the company’s advisory, the NCSC recommends that people who have been affected do not click on any links emailed to them by the attackers, as they could be malicious. Our latest statement can be found on the NCSC website.

The NCSC has also published actionable guidance which can help organisations affected by this incident:

Agreement reached on British Airways data breach compensation claim

British Airways has settled a compensation claim following a data breach in 2018.

The breach affected up to 420,000 customers and BA staff, and included names, addresses, and payment card information.

Reports suggest that cyber criminals were able to steal the data due to a Magecart infection on the company’s payment processing pages.

The terms of the settlement are confidential.

Magecart is a type of web skimming malware which attempts to harvest payment information via malicious JavaScript.

Large stores of data are a tempting target for attackers. The NCSC has published advice on how to adequately protect such information and details on how to configure storage buckets to protect data.

Individuals affected by a data breach should remain vigilant against suspicious phone calls and targeted emails, and the NCSC has published advice on how to protect yourself from the impact of data breaches.

CVE-2021-34527 Windows Print Spooler (PrintNightmare)

Microsoft has released security updates to address a security vulnerability in the Windows Print Spooler (CVE-2021-34527 “PrintNightmare”).

Microsoft recommends installing the June 2021 security update and security updates released on or after 6 July 2021.

Further information, workarounds and an FAQ are available at:

Moodle cross-site scripting & open redirect vulnerabilities

The NCSC is aware of a cross-site scripting vulnerability and an open redirect vulnerability affecting the Moodle learning management system.

The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important step is to install the latest version as soon as practicable. Upgrading to at least version 3.11, 3.10.4, 3.9.7 or 3.8.9 addresses these security issues.

For more information see:

NCSC © Crown Copyright 2021
