CISA: Disable Windows Print Spooler on Servers Not Used For Printing


The Cybersecurity and Infrastructure Security Agency (CISA) has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing.

“CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print,” the US federal agency said.

“Additionally, administrators should employ the following best practice from Microsoft’s how-to guides, published January 11, 2021.”

According to Microsoft’s recommendations, the Print Spooler service should be disabled on all Domain Controllers and Active Directory admin systems via a Group Policy Object because of the increased exposure to attacks.

Microsoft adds that, to mitigate future attacks, the service should be disabled on all servers that don’t require it: the printing service is enabled by default on most Windows client and server platforms, which heightens the risk of it being targeted.


Until Microsoft addresses the PrintNightmare zero-day, disabling the Print Spooler service is the simplest way to ensure that threat actors—and ransomware groups in particular—won’t jump at the occasion to breach corporate networks.

Windows zero-day with public exploits

Chinese security company Sangfor accidentally leaked a proof-of-concept (PoC) exploit for the zero-day Windows Print Spooler vulnerability known as PrintNightmare, which allows attackers to take control of affected servers via remote code execution with SYSTEM privileges.

The leak was caused by confusion surrounding the vulnerability, which security researchers thought was tracked as CVE-2021-1675, a high severity privilege escalation flaw patched earlier this month by Microsoft and later upgraded to critical remote code execution.

However, as 0Patch co-founder Mitja Kolsek discovered, the exploit published for the PrintNightmare bug doesn’t target the CVE-2021-1675 vulnerability but, instead, an entirely different flaw also impacting the Windows Print Spooler service.

Security consulting company Lares has published PrintNightmare detection and remediation information on GitHub, together with details on how to stop and disable the Print Spooler service from the Group Policy settings or using a PowerShell script.


The CERT Coordination Center (CERT/CC) has also published instructions on stopping and disabling the service in a separate Vulnerability Note.
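
As an added example (not code from CISA, Microsoft, Lares or CERT/CC), the PowerShell script below audits the Print Spooler service on a list of servers and, when run with -Enforce, stops and disables it on hosts that share no printers. The host names are constructed placeholders, and the script assumes PowerShell remoting is enabled and that it runs with administrative rights on the targets.

```powershell
# Added example: audit the Print Spooler and disable it only on hosts
# that share no printers. Host names below are constructed placeholders.
param(
    # Replace with your own inventory of servers that should not print.
    [string[]]$Servers = @('dc01.example.test', 'app01.example.test'),
    # Without -Enforce the script only reports what it would change.
    [switch]$Enforce
)

$check = {
    param([bool]$Enforce)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    # A host that shares printers is acting as a print server: leave it alone.
    # Note: printers cannot be enumerated while the spooler is stopped.
    $shared = @(Get-CimInstance -ClassName Win32_Printer -Filter 'Shared=TRUE' -ErrorAction SilentlyContinue)

    if (-not $svc) { $action = 'ServiceNotFound' }
    elseif ($shared.Count -gt 0) { $action = 'SkippedSharesPrinters' }
    elseif ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped') { $action = 'AlreadyDisabled' }
    elseif ($Enforce) {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
        $action = 'Disabled'
    }
    else { $action = 'WouldDisable' }

    # State and StartMode are the values observed before any change.
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        State          = $svc.State
        StartMode      = $svc.StartMode
        SharedPrinters = $shared.Count
        Action         = $action
    }
}

$results = foreach ($server in $Servers) {
    try {
        Invoke-Command -ComputerName $server -ScriptBlock $check -ArgumentList $Enforce.IsPresent -ErrorAction Stop
    }
    catch {
        # Record unreachable hosts so they are not mistaken for remediated ones.
        [pscustomobject]@{ Computer = $server; State = $null; StartMode = $null
                           SharedPrinters = $null; Action = "Unreachable: $($_.Exception.Message)" }
    }
}
$results | Select-Object Computer, State, StartMode, SharedPrinters, Action | Format-Table -AutoSize
```

Run it once without -Enforce and review the WouldDisable rows before applying the change; for Domain Controllers, the Group Policy Object route described above keeps the setting enforced after the script has run.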
