Windows Print Spooler Failure: Why Should I Upgrade Immediately?

Updating the operating system is a common activity. However, in July 2021, one of Microsoft’s Windows updates gained prominence.  

Let’s talk about it: Windows print spooler failure: why should I update immediately?

What is Print Spooler Failure?

The print spooler is one of the Windows operating system components. Its purpose is to allow the exchange of information between computer and printer, as well as ordering the queue of documents that must be printed.

When this tool has a failure or there is a communication error between software and hardware, prints are not made.

Generally, these errors do not imply major security holes. However, the online disclosure of the flaw known as PrintNightmare sparks warning signs.

What is PrintNightmare?

PrintNightmare means exactly that. It has become known as a serious security hole in Windows print spooler.

Through this loophole, hackers can use the print spooler and its high level of access within Windows to completely control the computer.

With this, they can access any information, control programs and applications already installed, modify documents and folders, create new user accounts, and even install new apps. All this without the user having any control.

The print spooler failure does not only affect the latest versions of the Microsoft operating system. In fact, it can also be exploited on computers running older versions, such as Windows 7.

If this error has been around for so long, why have updates been released to fix it just now?

Print Spooler Failure Disclosure

The codes referring to this failure were released on the internet even before Microsoft experts were aware of the existence of the error.

Researchers at Sangfor Technologies, a Chinese company that works with network security systems, discovered this error and made a Proof of Concept (PoC). A PoC is a hands-on exercise whose goal is to demonstrate the feasibility and forms of a certain attack on a system. It is used as documentation while developers recognize, diagnose, and correct faults.

Thus, the PoC created by Sangfor ended up being put online, as the researchers believed that the error had been resolved. When it was determined that Microsoft was not aware of the flaw, the information was taken down.

However, the PoC information ended up being posted on GitHub (a programmer’s social network that also serves as an information repository) before the fix was made available. Thus, sensitive data was available so that it could be analyzed and possible attacks planned.

According to Microsoft itself, the information regarding the print spooler failure and PrintNightmare has been used to carry out real attacks on computers using the Windows operating system.

Faced with this problem, Microsoft was forced to fix the errors quickly and release a new system update. It was released on July 6, 2021 and, according to the company, it is available for Windows 10, 8.1, and 7.

The company recommends that all Windows users immediately update their operating system in order to prevent the invasion of hackers through the print spooler failure.

How to Update Windows Operating System?

Normally, the Windows operating system is configured to automatically update the system. However, it is not uncommon for this function to fail.

Manually updating your Windows operating system is quite simple. Just access the settings through the Start Menu and click the icon referring to Updates and Security. Then click on the Windows Update tab and request to update the system.

For Windows 10, the update that fixes the print spooler failure is designated as follows: KB5004945. Once the update has been downloaded, simply restart your computer for the updates to install and the problem to be fixed.
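To confirm the result after the restart, the following added example (not part of the original article) checks whether KB5004945 is listed on the local machine and whether the print spooler service is active. The function name `Get-SpoolerPatchStatus` and the `NeedsReview` field are hypothetical; it assumes it is run in PowerShell on the Windows 10 machine being checked.

```powershell
# Added example, not from the article: local check for the print spooler fix.
# Get-SpoolerPatchStatus and its output fields are hypothetical names.
function Get-SpoolerPatchStatus {
    [CmdletBinding()]
    param(
        # KB identifier the article gives for Windows 10.
        [string]$KbId = 'KB5004945'
    )

    # Get-HotFix lists installed updates; with the error suppressed it
    # returns nothing when the requested KB is not listed.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # The print spooler runs as the Windows service named 'Spooler'.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    # Treat the spooler as active if it is running now or can still be started.
    $spoolerActive = $false
    if ($svc) {
        $spoolerActive = ($svc.State -eq 'Running') -or ($svc.StartMode -ne 'Disabled')
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        KbId             = $KbId
        KbListed         = [bool]$hotfix
        InstalledOn      = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        SpoolerState     = if ($svc) { $svc.State } else { 'NotPresent' }
        SpoolerStartMode = if ($svc) { $svc.StartMode } else { 'NotPresent' }
        # Active spooler without the KB listed: check Windows Update history.
        # A later cumulative update can replace this KB, so KbListed = False
        # is a prompt to look further, not proof that the fix is missing.
        NeedsReview      = $spoolerActive -and -not [bool]$hotfix
    }
}

Get-SpoolerPatchStatus | Format-List
```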

senhasegura aims to maintain the security of information, acting against data theft and ensuring the sovereignty of companies over their information.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

The Importance of Integrating Security into DevOps

Technology has undergone constant change, as innovations that emerge today can be surpassed tomorrow, and so on. This reality is visible in the IT sector and among corporate software developers.

As the market becomes increasingly competitive as a result of new technologies, the ideal of agility and efficiency must be achieved with excellence. Hence the need to increasingly integrate a company’s activities.

How? By integrating security into DevOps. But how does this work? That’s exactly what this article is about. Keep reading it!

What Is DevOps?

First of all, let’s understand this concept: DevOps is the combination of the words development and operations.

DevOps encompasses a set of processes and methods for integrating software development activities into IT operations.

The truth is that these two sectors have always worked independently. However, this reality causes some problems for companies, such as not knowing which of the two should receive a given request, since the division of work is usually not clear enough for everyone.

With DevOps technology, this context tends to change as the activities to be done are distributed in a clear and organized way.

The implementation of this software development methodology brings a very beneficial transformation for software developers and IT operators, as it adds agility, speed, efficiency, and security to the entire environment.

But does DevOps really bring benefits to information security? Discover it now!

DevOps Benefits

As it is a new technology, it is natural that some questions arise about its functionality and implementation advantages. That is why we are going to present here some improvements that DevOps adds to your company’s information security. Check it out!

Greater Collaboration Through Constant Analysis

In practice, DevOps technology tends to automate operations across the entire environment. From this, the manager can follow all the steps of the processes accurately.

DevOps actively collaborates to make security happen through reliable monitoring and constant performance analysis early in the process.

Increased Reliability

With tests being performed at each stage of the process, the result becomes more reliable, as possible failures and correction needs are soon identified and resolved, and the operation continues without major problems.

DevOps allows teams to perform their activities in a synchronized way, from certified accesses, in addition to making the applications easier to use through an improved interface.

Intervention Power

The use of DevOps increases employee participation, as the possibility of intervention at each stage facilitates the perception of failures and problem-solving before the final work is compromised.

All this happens through access control, which suggests even more security to the process as a whole.

The Importance of DevOps to Security

After learning about the benefits of this innovation to improve a company’s operations as a whole, it is clear that security is one of the priorities of this technology.

The purpose of integrating security into DevOps is to ensure security from the beginning of development and not just at the end, as is often the case.

Ideally, the two areas work in constant communication, based on an automated and integrated system that allows checking each step of the work, analyzing performance, and solving possible failures during the process.

When mapping each phase of development, the manager is able to identify the need for improvement to ensure greater protection in final operations.

Thus, DevOps works to integrate the development and IT teams with a focus on application security through the continuous delivery of analysis so that problems are solved more efficiently.

How to Implement DevOps In Your Company?

It is always important to have a company that specializes in the subject when implementing an innovation such as DevOps in your company, as it makes it easier to guide employees and conduct the work with the appropriate support.

By outsourcing this service, the manager is responsible for the interaction and control of deliveries between the teams. This dynamic tends to add more speed and efficiency to the final results.

Furthermore, the training required for the implementation of DevOps, being carried out by specialized professionals, will ensure greater collaboration and better performance of the teams involved in the processes.

China has Published Its Specific Law for the Protection of Personal Data. What Are the Implications?

Global efforts to ensure data protection have increased dramatically over the years. Governments around the world have been concerned with creating laws and regulations that ensure the security of circulation and processing of information from citizens and users, especially by companies, respecting people’s privacy and operating within the specific laws of the country.

After the European Union General Data Protection Regulation (GDPR), which seeks to guarantee citizens greater control over their own data, governments in several countries also started to invest in their own regulation with the same purpose.

PIPL Construction Route

The most recent regulation was from China, which, after several revisions since October 2020, officially approved its PIPL (Personal Information Protection Law) in August of this year. The first draft was presented at the National People’s Congress of China on October 13, 2020, and opened for public review on October 21 of the same year.

A month later, the reviewed document was closed for internal assessment. In August 2021, the proposal was approved and is expected to take effect on November 1st.

The Chinese data protection law is similar to the European law, but with a stricter structure, especially for “Big Techs”. The goal is to further strengthen the current protection regime, regulating the collection, processing, and use of Chinese citizens’ data, including rules that avoid the monopoly and over-enrichment of some companies through population data.

The China Consumer Association strongly criticized this type of behavior by companies, saying that the algorithms are becoming a “technical intimidation” to consumers.

How does PIPL impact organizations?

The data is seen by the Chinese government as a basic strategic resource and belonging to the country, and its use by third parties should be kept to a minimum, monitored, and for well-defined purposes. Therefore, with PIPL’s approval, the activities of organizations and individuals working with personal information will be heavily impacted.

European entities fear that Chinese regulations will jeopardize trade between companies in the bloc and China, putting at risk the privacy of their businesses, as they would be subject to protection demands different from those of the European GDPR.

For multinationals, the situation is no different, as they consider an uncertain business scenario and an invasive behavior by the Chinese government when auditing companies. In short, this uncertain scenario ends up generating concern for companies due to the following requirements:

  • Users are given more control over their data: Users can request/control the editing, removal, and restriction of the distribution, processing, and use of their data. In addition, prior consent can be changed or canceled by the user.
  • More rigorous requirements for data sharing and transfer: An organization or any other parties involved in data control need to pass assessments related to the legal use of data. 
  • Penalties and fines in cases of data breaches: The value of fines can reach up to 50 million RMB (Yuan Renminbi), the equivalent of 40 million reais or 7 million dollars, deduction of annual revenue percentage, or even termination of business.
  • Mandatory security controls: The processing of personally identifiable, sensitive, or critical information must be subject to strict mandatory security controls and personnel responsible for handling it must receive appropriate training. 
  • Mandatory location of data: The processing of personally identifiable information is limited to the boundaries defined by the China Cybersecurity Administration – CAC. If a company exceeds these limits, it must provide the location of this data.

Key Points of the Chinese Law

The law presents requirements and regulations on the legal handling of personally identifiable information, that is, information that somehow identifies the user in electronic media, including critical state security information and sensitive information involving religion, beliefs, ethnicities, financial information, user tracking, and others.

Thus, some key points can be highlighted that must be observed by companies in operations that deal with information of this nature.

User Consent

Before any operation with personal data, companies or interested parties must request the consent of the users, who must be explicitly notified about any matter related to the processing of their data, including the identity and contact information of those responsible for handling it. (Article 24)

Organizational Management

Those responsible for handling the data must adopt security measures that ensure protection against intrusion, leaks, or theft during data collection, distribution, and processing. Some of these measures involve data encryption and proper training of those responsible for operations and/or overseeing operations. (Articles 50, 51, 52)

Individuals’ Rights

Users must have the right to access their own data, being able to modify them, delete them, decide when their information can or cannot be processed, or request an explanation about the processing. (Articles 44, 45, 46, and 48)

Data Transfer Borders

The transfer of data outside China can only be done with the explicit consent of the subjects, who must be notified when their information is transferred outside Chinese territory. When processing crosses borders, an organization undergoes a security assessment, which must be approved to proceed with operations. (Articles 39 and 40)

Data Location

When organizations reach the limit of data volume defined by CAC, they must maintain the storage of the information already collected and generated on the premises of the Chinese territory. (Article 40)

What Can We Expect as Next Steps?

The approval of the Law affected various sectors of the economy and raised concerns for Chinese companies and European multinationals, especially the ‘Big Techs’. In this sense, companies that deal with the distribution, collection, and processing of data, as well as the development of software and related activities must work ethically and morally, paying attention to all the requirements established by the law, if they want to ensure the smooth running of their business and a good reputation.

What is the importance of the Gartner Magic Quadrant?

All of us at some point have heard of digital transformation. This phenomenon affects companies of all verticals and sizes and has been gaining attention in the market. Digital transformation increasingly requires organizational leaders to adapt their organizational strategies to meet new and more demanding business requirements. This includes aspects such as customer experience, agility, and improvement of their business processes.

Thus, meeting these new market demands has become much more than a trend, it is a business imperative. These actions include the implementation of technology solutions in organizations to optimize their operations, reduce costs, and thus deliver the best experience to their clients.

To meet the new requirements arising from the digital transformation process, market suppliers, including IT, have developed solutions to be implemented by companies. With so many options available, it is often difficult for organizational teams to choose the best solutions that meet their needs and can fill the gaps created by these new market requirements.

Gartner is a company recognized for providing impartial, high-quality consulting and research on many markets, as well as providing valuable information and insights to the entire technology community. In addition to being part of the S&P 500, an index of the top 500 publicly traded companies in the United States, Gartner provides research and analysis of solutions in areas such as finances, legal, compliance, and Information Technology.

Through its more than 15,000 employees, Gartner also contributes to determining the IT standards in place and the market trends that will become a reality in the future. Its reach is global, being located in more than 100 countries.

Gartner provides strategic market research and tools for IT leaders to build their strategies and assist in decision-making.

More than 15,000 companies are listed as Gartner clients around the world. To get an idea of its relevance to the market, 73% of the companies that make up the Fortune Global 500 – the annual ranking of the 500 largest companies prepared by Fortune magazine – are Gartner clients and use its services in their business strategies.

If organizational and security leaders do not use the proper tools to choose security solutions such as those offered by Gartner, the organization is subject to not implementing the proper tools to solve its business problems. Or even worse: companies may even implement these solutions and not fully take advantage of all the functionality offered by these technologies.

This is because, in many cases, the chosen solutions may not be in line with their strategy and business needs. By not adapting their operations to the changes required by phenomena such as digital transformation, organizations can suffer from drops in performance, productivity, agility, and effectiveness in the execution of their business strategies.

When this occurs, organizations are subject to greater business and cybersecurity risks. Furthermore, they are subject to not obtaining a greater competitive advantage over their competitors in the market, which can affect their operations’ continuity.

To support their strategy and help organizations of all sizes choose which solutions to deploy in their infrastructure, IT leaders should use tools developed by Gartner, such as the Magic Quadrant reports.

Gartner’s Magic Quadrant uses a uniform set of assessment criteria with results represented in a graphical form showing the competitive positioning of different vendors of digital products and services in different markets. This representation makes it easy to see how these vendors meet different market requirements and work against Gartner’s market view.

Gartner uses a qualitative data analysis methodology to indicate trends in different markets. This analysis includes the direction and maturity of different markets, in addition to their respective players. The analytics developed by Gartner are tailored for specific technology industries, including PAM, and are updated every one to two years.

The Magic Quadrant for PAM allows you to assess different vendors and their market positioning, as well as their vision and how they perform according to Gartner’s market vision.

This is done through the two axes of the quadrant: one axis representing the vendor’s market awareness, called Completeness of Vision, and the other that reflects the Ability to Execute its market view.

The graph with the two axes is divided into four quadrants, which indicate the capabilities of different vendors with respect to the Ability to Execute and Completeness of Vision aspects.

The different quadrants of the Magic Quadrant are: Niche Players, Visionaries, Challengers, and Leaders. The Magic Quadrant is the first step in understanding what these vendors and their associated technology do. This tool helps you understand visions, strategic roadmaps, and all their ability to operate according to your specific needs.

Speaking specifically about the Privileged Access Management (PAM) market, Gartner launched the Magic Quadrant report with 14 vendors in 2018. However, each year this number has been decreasing: in 2020, 12 vendors were listed, and the last report, released in July 2021, brought only 10 PAM technology vendors. According to the Gartner analyst, the “air is thinner”, that is, the PAM market is even more competitive than in previous years.

Gartner’s Magic Quadrants are important because they influence the buying decisions of organizations of all sizes and verticals. Large companies often turn to Gartner and its reports to support their strategies and choose which IT vendors they will hire.

By using information from Gartner’s Magic Quadrant report, organizational and security leaders can better understand the dynamics of the different markets covered by Gartner.

Also, those using Gartner-developed reports can quickly obtain information about the different vendors centrally. It is also possible to know the strengths and weaknesses of the solutions assessed in the reports, allowing them to assertively choose the best tools to meet their business requirements. Thus, organizations are able to increase their operational efficiency, improving the experience of their customers, partners, and employees, reducing risks and ensuring the continuity of their operations.

Understand the Cyberattack that Affected Kaseya

On July 2, a Russian group of hackers exploited a flaw in the Kaseya company’s management software, affecting its systems and causing problems for it and its customers.

The massive cyberattack affected around 1,500 businesses in 17 countries. The attackers promised to return access to the data in exchange for 70 million dollars, equivalent to 364 million reais.

Hackers promised to release a decryptor so that all files could be recovered in at least an hour after paying the ransom.

Known as “REvil”, the organization claimed responsibility for the virtual attack on Kaseya. It was also responsible for the invasion that halted production at JBS, the world’s largest meat processor, in June this year.

Domino Effect

Headquartered in Florida, United States, Kaseya is responsible for the remote monitoring and management program used by more than 40,000 companies. Of these, only 60 were directly affected by the cyberattack.

However, as many of Kaseya’s customers provide services for other businesses, the systems are interconnected in a network.

This connection resulted in a domino effect, as the installed malware quickly spread and encrypted the files it found along the way.

The supermarket chain Coop, in Sweden, had to suspend the operation of its stores because it was unable to use the cash register system, which was managed by one of Kaseya’s client companies.

How Did the Invasion Take Place?

The type of virus was ransomware that can encrypt computer files. Access is only granted upon payment of a ransom to the hacker, that is, it is like a data hijacking in the digital world.

In this type of cyberattack, ransomware infiltrates frequently used software and spreads as systems are updated.

Encryption is the practice of encoding data, causing it to no longer have the original format and, therefore, no longer be readable by its owners.

Files can only be decrypted and returned to their original format through the use of a specific decryption key. It is for this key that Russian hackers ask for the ransom, as without it the data becomes useless.

Measures

This can be considered the biggest cyber-attack with ransomware of all time, as it reached a proportion never seen before in similar cases.

Kaseya asked customers using its system administration platform, VSA, to immediately shut down their servers to try to prevent the possibility of their information being captured by the cyberattack.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Agency (CISA), among other US officials, assisted in the investigations.

US President Joe Biden has warned Russian leader Vladimir Putin to take action against hackers who have been operating in Russia for a long time.

On July 12th, Kaseya reported that it had fully recovered the servers. These attacks are an increasingly profitable way to take hostages in the virtual universe.

How Does the Russian Group Operate?

REvil, also called Sodinokibi, is one of the best-known hacker gangs today. It operates with dozens of individuals in a “professional” regime with the division of tasks.

While one part of the group invades the systems, the other is responsible for constantly maintaining the ransomware, managing the group’s financials, and negotiating the rescue of the data with the victims.

Hackers drive the attack into double extortion mode, which occurs when Internet hackers take control of the network, extract important and sensitive data, and activate ransomware that encrypts victims’ data.

Then, they ask for a ransom in cash or bitcoins so that they return control of the data and do not disclose the information obtained illegally.

The group exploited a series of “zero-days” in the product that allowed it to bypass its authentication, arbitrarily upload files, and install pirated software.

With this, they can use a series of tactics and tools to move around the network and have access to all the files that are present.

A tool from Kaseya itself may have been used to take control of the system and activate the malicious software, as it has high-level access privileges on the machines, passing in an authorized way through antivirus.

The exact method used by the group is still unknown. However, the flaws in the American company’s protection of its systems became clear.
