Windows 10 crashes when printing due to Microsoft March updates
The Windows 10 KB5000802 and KB5000808 cumulative updates released yesterday are causing Blue Screen of Death crashes when printing to network printers.
Since then, there has been a constant stream of complaints that printing is causing Windows 10 to crash with an APC INDEX MISMATCH for win32kfull.sys blue screen of death crash.
Example APC INDEX MISMATCH for win32kfull.sys crash
According to posts by system administrators on Reddit [1, 2], the Windows 10 crashes began immediately after installing yesterday's KB5000802 and KB5000808 updates and attempting to print.
"Hey Jen, several folks over in r/sysadmin, myself included, are seeing a BSOD post-update (on at least Win10 20H2 so far) when sending print jobs to any Windows Server printer share using a type 3 Kyocera KX driver. (i.e., type 4 KX driver and other generic type 3/4 drivers don't exhibit the issue)," one Reddit user posted.
Norway's parliament, the Storting, has suffered another cyberattack after threat actors stole data using the recently disclosed Microsoft Exchange vulnerabilities.
Google Chrome to block port 554 to stop NAT Slipstreaming attacks
01:21 PM
Google Chrome will block the browser's access to TCP port 554 to protect against attacks using the NAT Slipstreaming 2.0 vulnerability.
Last year, security researchers disclosed a new version of the NAT Slipstreaming vulnerability that allows malicious scripts to bypass a website visitor's NAT firewall and access any TCP/UDP port on the visitor's internal network.
Illustration of the NAT Slipstreaming 2.0 attack
As this vulnerability only works on specific ports monitored by a router's Application Level Gateway (ALG), browser developers, including Google, Safari, and Mozilla, have been blocking vulnerable ports that do not receive a lot of traffic.
Ransomware gang plans to call victim's business partners about attacks
12:47 PM
The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim's business partners to generate ransom payments.
The REvil ransomware operation, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) where the ransomware operators develop the malware and payment site, and affiliates (adverts) compromise corporate networks to deploy the ransomware.
As part of this deal, the REvil developers earn between 20-30% of ransom payments, and the affiliates make the remaining 70-80%.
To pressure victims into paying a ransom, ransomware gangs have increasingly turned to a double-extortion tactic, where attackers steal unencrypted files that they threaten to release if a ransom is not paid.
SolarWinds reports $3.5 million in expenses from supply-chain attack
SolarWinds has reported expenses of $3.5 million from last year's supply-chain attack, including costs related to incident investigation and remediation.
Further expenses were recorded by SolarWinds after paying for legal, consulting, and other professional services related to the December hack and provided to customers for free.
Additional costs expected
While $3.5 million doesn't seem too much compared to the aftermath of the SolarWinds supply-chain attack, the incurred expenses reported so far were recorded through December 2020, with significant additional costs being expected throughout the next financial periods.
"Costs related to the Cyber Incident that will be incurred in future periods will include increased expenses associated with ongoing and any new claims, investigations and inquiries, as well as increased expenses and capital investments related to our Secure By Design initiatives, increase