Remote print server gives anyone Windows admin privileges on a PC
A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver. [...]
Showing only posts by Lawrence Abrams. Show all posts.
BlackMatter ransomware gang rises from the ashes of DarkSide, REvil
A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations. [...]
The Week in Ransomware - July 30th 2021 - €1 billion saved
Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebrands. [...]
Amazon gets $888 million GDPR fine for behavioral advertising
Amazon has quietly been hit with a record-breaking €746 million fine for alleged GDPR violations regarding how it performs targeted behavioral advertising. [...]
New destructive Meteor wiper malware used in Iranian railway attack
A new file wiping malware called Meteor was discovered used in the recent attacks against Iran's railway system. [...]
Google: Android apps must provide privacy information by April 2022
Google has announced today more details regarding their upcoming Google Play 'Safety section' feature that provides users information about the data collected and used by an Android app. [...]
LockBit ransomware automates Windows domain encryption via group policies
An new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. [...]
LockBit ransomware now encrypts Windows domains using group policies
An new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. [...]
Researchers warn of unpatched Kaseya Unitrends backup vulnerabilities
Security researchers warn of new zero-day vulnerabilities in the Kaseya Unitrends service and advise users not to expose the service to the Internet. [...]
New PetitPotam attack allows take over of Windows domains
A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. [...]
The Week in Ransomware - July 23rd 2021 - Kaseya decrypted
This week has quite a bit of news ranging from the USA formally accusing China of the recent ProxyLogon vulnerability and Kaseya mysteriously obtaining the universal decryption key. [...]
Kaseya obtains universal decryptor for REvil ransomware victims
Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free. [...]
New Windows print spooler zero day exploitable via remote print servers
Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature. [...]
Ecuador's state-run CNT telco hit by RansomEXX ransomware
Ecuador's state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer support. [...]
Cyberattack on Moldova's Court of Accounts destroyed public audits
Moldova's "Court of Accounts" has suffered a cyberattack leading to the agency's public databases and audits being destroyed. [...]
The Week in Ransomware - July 16th 2021 - REvil disappears
Ransomware operations have been quieter this week as the White House engages in talks with the Russian government about cracking down on cybercriminals believed to be operating in Russia. [...]
Microsoft shares guidance on new Windows Print Spooler vulnerability
Microsoft is sharing mitigation guidance on a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed tonight. [...]
Windows print nightmare continues with malicious driver packages
Microsoft's print nightmare continues with another example of how a threat actor can achieve SYSTEM privileges by abusing malicious printer drivers. [...]
Linux version of HelloKitty ransomware targets VMware ESXi servers
The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage. [...]
Chinese hackers use new SolarWinds zero-day in targeted attacks
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. [...]
Hackers use new SolarWinds zero-day to target US Defense orgs
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. [...]
Hackers used SolarWinds zero-day bug to target US Defense orgs
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. [...]
Adobe updates fix 28 vulnerabilities in 6 programs
Adobe has released a giant Patch Tuesday security update release that fixes vulnerabilities in Adobe Dimension, Illustrator, Framemaker, Acrobat, Reader, and Bridge. [...]
Microsoft July 2021 Patch Tuesday fixes 9 zero-days, 117 flaws
Today is Microsoft's July 2021 Patch Tuesday, and with it comes fixes for nine zero-day vulnerabilities and a total of 117 flaws, so Windows admins will be pulling their hair out as they scramble to get devices patched and secured. [...]
REvil ransomware gang's web sites mysteriously shut down
The infrastructure and websites for the REvil ransomware operation have mysteriously gone offline as of last night. [...]
« newer articles | page 36 | older articles »