meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, July 7th, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 7 July 2021

⏱️ 9 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Printnightmare Patch; Kaseya; Kaspersky Password Manager; Amazon Echo Dot Forensics

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Wednesday, July 7, 2021 edition of the Sand Center at Storm Center's

0:07.0

Stormcast.

0:08.0

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

0:13.0

Well, good news from Microsoft.

0:15.0

Microsoft came out with a patch for the Brint Nightmare Vulnerability, CVE 2021-527.

0:24.6

Currently, most of the current versions of Windows do have a patch available.

0:30.6

There are at this point only three exceptions, Windows 10 version 1607, Windows Server 2016, and Windows Server 2012.

0:42.3

Everything else has a patch available, and Microsoft states that these three remaining operating

0:47.8

systems will receive a patch shortly, so by the time you listen to this, a patch may already be available for all

0:56.1

versions of Windows. This patch also fixes the older vulnerability, CVE 2021-1675, and Microsoft

1:06.3

recommends that you apply the patch as quickly as possible, and I think this makes a lot of sense.

1:13.7

It does not depend on you applying the June patch for 2021-1675.

1:20.8

That patch, again, is included here, so you can go straight ahead and apply this patch that Microsoft just released and get your

1:30.8

printers working again. There's no widespread reports of exploitation for this vulnerability yet,

1:37.0

and that's in part, of course, due to it requiring valid user credentials to get started.

1:46.6

So this will remain to be one of those lateral movement, privilege escalation style vulnerabilities, that you'll see more as a follow-up

1:52.2

to the initial compromise. And talking about patches, Kasea also stated that they will release a patch to their customers shortly.

2:04.2

Their software as a service offering should be back up and running at this point in time.

2:10.4

And their on-premise systems will be provided with a patch shortly thereafter.

2:20.7

So likely it could be Wednesday morning if it hasn't already been pushed out yet. There was initially sort of a little delay here in

2:26.3

their timeline, but they first wanted to get their software as a service offering back up and

2:31.8

running and then a few hours later. They were going to release a patch for the on-premise version of their software.

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.