Virtual CIO

July 2021 PrintNightmare Briefing

Executive Brief

PrintNightmare is the name given to a critical remote code execution vulnerability in the Windows Print spooler service. Attackers can take advantage of this vulnerability to gain control of affected systems, causing widespread harm to internal and external parties.

Technical Details

The RpcAddPrinterDriverEx() function is used to install a printer driver on a system. One of the parameters to this function is the DRIVER_CONTAINER object, which contains information about which driver is to be used by the added printer. The other argument, dwFileCopyFlags, specifies how replacement printer driver files are to be copied. An attacker can take advantage of the fact [...]

2021-07-08T15:01:28-06:00

Fortify Your Email and Web Defenses

Phishing emails and the use of unencrypted Hypertext Transfer Protocol (HTTP) remain persistent channels through which malicious actors can exploit vulnerabilities in an organization’s cybersecurity posture. Attackers may spoof a domain to send a phishing email that looks like a legitimate email. At the same time, users transmitting data via unencrypted HTTP, which does not protect data from interception or alteration, are vulnerable to eavesdropping, tracking, and the modification of the data itself.

Breaking Down the Attack: How It Works

Email

An attacker spoofs the domain of a reputable organization and sends an email that looks to be a legitimate [...]

2021-03-14T18:16:13-06:00