The Week in Ransomware - August 13th 2021 - The rise of LockBit
This week we saw an existing operation rise in attacks while existing ransomware operations turn to Windows vulnerabilities to elevate their privileges. [...]
Showing only posts by Lawrence Abrams. Show all posts.
Windows 365 exposes Microsoft Azure credentials in plaintext
A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. [...]
SynAck ransomware releases decryption keys after El_Cometa rebrand
The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group. [...]
Hackers now backdoor Microsoft Exchange using ProxyShell exploits
Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. [...]
Microsoft Exchange servers are getting hacked via ProxyShell exploits
Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. [...]
Microsoft confirms another Windows print spooler zero-day bug
Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer. [...]
Kaseya's universal REvil decryption key leaked on a hacking forum
The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. [...]
Adobe fixes critical preauth vulnerabilities in Magento
Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect. [...]
Windows security update blocks PetitPotam NTLM relay attacks
Microsoft has released security updates that block the PetitPotam NTLM relay attack that allows a threat actor to take over a Windows domain. [...]
Microsoft August 2021 Patch Tuesday fixes 3 zero-days, 44 flaws
Today is Microsoft's August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to installed patches. [...]
Microsoft fixes Windows Print Spooler PrintNightmare vulnerability
Microsoft has fixed the PrintNightmare vulnerability in the Windows Print Spooler by requiring users to have administrative privileges when using the Point and Print feature to install printer drivers. [...]
One million stolen credit cards leaked to promote carding market
A threat actor is promoting a new criminal carding marketplace by releasing one million credit cards stolen between 2018 and 2019 on hacking forums. [...]
Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now
Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. [...]
The Week in Ransomware - August 6th 2021 - Insider threat edition
If there is one thing we learned this week, it's that not only are corporations vulnerable to insider threats but so are ransomware operations. [...]
Computer hardware giant GIGABYTE hit by RansomEXX ransomware
Taiwanese motherboard maker Gigabyte has suffered a RansomEXX ransomware attack where threat actors threaten to release 112 GB of data if a ransom is not paid. [...]
Linux version of BlackMatter ransomware targets VMware ESXi servers
The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform. [...]
Angry Conti ransomware affiliate leaks gang's attack playbook
A disgruntled Conti affiliate has leaked the gang's training material when conducting attacks, including information about one of the ransomware's operators. [...]
New Windows PrintNightmare zero-days get free unofficial patch
A free unofficial patch has been released to protect Windows users from all new PrintNightmare zero-day vulnerabilities discovered since June. [...]
Telegram for Mac bug lets you save self-destructing messages forever
Researchers have discovered a way for users on Telegram for Mac to keep specific self-destructing messages forever or view them without the sender ever knowing. [...]
LockBit ransomware recruiting insiders to breach corporate networks
The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. [...]
Ransomware attack hits Italy's Lazio region, affects COVID-19 site
The Lazio region in Italy has suffered a reported ransomware attack that has disabled the region's IT systems, including the COVID-19 vaccination registration portal. [...]
Google Chrome to no longer show secure website indicators
Google Chrome will no longer show whether a site you are visiting is secure and only show when you visit an insecure website. [...]
Windows PetitPotam attacks can be blocked using new method
Security researchers have devised a way to block the recently disclosed PetitPotam attack vector that allows hackers to take control of a Windows domain controller easily. [...]
DarkSide ransomware gang returns as new BlackMatter operation
Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. [...]
Public print server gives anyone Windows admin privileges
A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a computer by installing a print driver. [...]
« newer articles | page 35 | older articles »