A weekly recap of pertinent security events you need to be aware of and can read in 7 seconds (or so...)
Affected by REvil Ransomware?
Do this: Contact Kaseya and be patient.
Why: On 22-July, Kaseya posted an update on their helpdesk website indicating that they have obtained the universal decryption key and, through Emsisoft, are working with customers to restore the encrypted files.
Additional Info: From Kaseya: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-21st-2021
Do this: Apply the patch, or workarounds offered by Atlassian, as soon as possible.
Why: Multiple versions of Jira Data Center and Jira Service Management Data Center are affected by CVE-2020-36239, a critical bug that could enable unauthenticated remote code execution within the Data Center products. The patch fixes the issue but now requires a shared secret in order to access the Ehcache service. The workaround is to restrict access to the Ehcache remote invocation (RMI) ports (40001 and 40011).
Additional Info: Threatpost offers more details, including a list of affected versions on their post: https://threatpost.com/atlassian-critical-jira-flaw/168053/
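To confirm the port-restriction workaround is in effect, the following added example (not from the original post or from Atlassian) probes the two Ehcache RMI ports on your own Jira Data Center nodes from a host outside the cluster and reports any that still accept connections. The node addresses are hypothetical placeholders from the documentation range.

```python
import socket

# Ehcache RMI ports named in the workaround above.
EHCACHE_RMI_PORTS = (40001, 40011)


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' (refused) or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: port is reachable
    except ConnectionRefusedError:
        return "closed"            # RST received: nothing listening or rejected
    except OSError:
        return "filtered"          # timeout or unreachable: likely dropped


def audit(nodes, ports=EHCACHE_RMI_PORTS, timeout=2.0):
    """Return {node: {port: state}}; run from a host that is NOT a cluster peer."""
    return {n: {p: probe(n, p, timeout) for p in ports} for n in nodes}


def exposed(report):
    """List the (node, port) pairs that still accept connections."""
    return sorted(
        (node, port)
        for node, states in report.items()
        for port, state in states.items()
        if state == "open"
    )


if __name__ == "__main__":
    # Hypothetical node addresses; replace with your own Jira Data Center nodes.
    nodes = ["192.0.2.10", "192.0.2.11"]
    report = audit(nodes)
    for node, states in report.items():
        print(node, states)
    for node, port in exposed(report):
        print(f"STILL REACHABLE: {node}:{port} - restrict access or apply the patch")
```

A result of `closed` or `filtered` for both ports from a non-cluster host indicates the restriction is working from that vantage point; repeat the check from each network segment that should not reach the cluster.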
Using an iPhone or iPad?
Do this: Update to iOS/iPadOS 14.7 immediately.
Why: Multiple security vulnerabilities have been patched in this update (40 in total, 37 specifically for iPhones), though Apple users are still waiting on a patch for NSO Group's Pegasus spyware.
Additional Info: Apple's security update: https://support.apple.com/en-us/HT212601
Using Oracle Products?
Do this: Apply any available security updates for products in your environment.
Why: Oracle addressed 342 issues with their latest round of quarterly updates. The most notable is CVE-2019-2729 (9.8/10), which allows for unauthenticated remote code execution in WebLogic Server Web Services.
Additional Info: Oracle's security update: https://www.oracle.com/security-alerts/cpujul2021.html
About the Author
Matt Barnett, CISSP, GFCA
Chief Strategist & Cofounder
After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity.